IBM Watson and cybersecurity: how a cognitive system protects valuable data

According to any analysts, the volume of data generation in companies is constantly growing. In addition, the value of this information increases every day. Corporate espionage has always existed, and with the advent of computer technology, it has reached a new level. Therefore, for any company, cyber security is the cornerstone of its own well-being and prosperity.

It is interesting that in most cases the problem is not even the hacking itself, but the elimination of its consequences - this is a long, expensive, plus a negative effect on the company's reputation. An example is the penetration of ransomware into the company's network - not so long ago, a hosting provider from South Korea had to pay about $ 1 million to attackers to decrypt their data and customer data. But nowadays $ 1 million is not the limit at all. The IBM Watson cognitive system, which has not been taught information security for years, helps avoid such problems.

And this is not surprising, since new threats appear literally every day. If corporate systems do not “know” about the new danger, then they may miss the threat, and then the company's network may be compromised. In addition, many intruder tools work so quickly and efficiently that a person is simply unable to notice the problem right away. Therefore, cybersecurity experts are increasingly using the help of various software platforms, including neural networks. At the moment, the Watson cognitive system, or rather, Watson for CyberSecurity , is one of the most effective tools for protecting data. The service works both independently and as an element of other cloud services.
')

It is worth noting that Watson for CyberSecurity is one of the relatively new IBM cloud services. Cybersecurity was decided to allocate as an independent tool about two years ago. The idea was based on the fact that no matter how good a specialist a company employee is, he is simply unable to track down all the new threats in the field of cyber security, since there are too many of them. A digital assistant is needed, which itself would analyze numerous sources on infobase (as an example, one can cite hundreds of thousands of specialist articles that they publish in their blogs, as well as on the pages of specialized resources).

This information includes data about vulnerabilities, viruses, new software tools, exploits, etc. (now, according to a number of sources, the number of various Internet threats has reached 75,000). Watson for CyberSecurity learns all this and can then put it into practice. Source materials are analyzed, an index is compiled, and dependencies are put down. In other words, the data is structured, and in the future it can be used to work with both new and old threats. It is about deep machine learning and self-learning. IBM specialists are working to ensure that the system can search and master new data sources by analyzing the information associated with them.

Watson for CyberSecurity works with all of this data, using information about tens of thousands of Internet threats that are included in the IBMX-ForceExchange database. Plus, constantly analyzing and new materials that appear on the network.


As mentioned above, Watson for CyberSecurity can be used as an element of other services. One of these is IBMQradar. He was created as a digital assistant for network security analysts. This service works with a speed that is inaccessible to any of the people. And in cyber security, speed often decides everything. Having discovered a problem, IBM Watson searches for all the data associated with it, and then shows the specialist the already processed and structured information, plus suggestions for solving the problem.

All this works according to a rather simple algorithm:
• Identifies the threat and the reasons that led to its appearance;
• Analyzes all available information;
• Data is structured and sent to Watson for CyberSecurity;
• Searching for effective solutions to the problem.

These IBM services help to quickly detect and identify abnormal situations, analyze the cause of the problem and look for ways to solve it, manage the settings of cybersecurity systems and eliminate threats even when they did not cause significant harm. All detected events are recorded and logged, where they can be viewed at any time.

If necessary, you can highlight the priority for various threats, so that the systems deal with the most dangerous problems, and then work with what can be left for later.

In general, services related to Watson for CyberSecurity help people to work. The most important decisions are made by the person, and the computer system helps to solve the problem, preparing objective and complete information about the situation and offering several options for eliminating emerging threats.