Seven months after first announcing that it was teaching its Watson cognitive technology platform to fight cybercrime, IBM Corp. has launched it into the real world, at least in test mode.

The Watson for Cyber Security platform has been designed to discover behavior patterns and evidence of hidden cyber attacks and threats that could otherwise be missed by existing security platforms. It does so by using Watson’s ability to reason and learn from unstructured data, including the 80 percent of all data on the Internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts and other information.

The software incorporates capabilities such data mining for outlier detection, graphical presentation tools and techniques for finding connections between related data points in different documents, including the ability to identify warnings of new types of malware from even obscure sources.

In the initial beta phase, customers are not being charged for the service. Some 40 organizations signed on for the beta test, including Sun Life Financial, the University of Rochester Medical Center, Avnet, SCANA Corp., Sumitomo Mitsui Banking Corp., California Polytechnic State University, the University of New Brunswick and Smarttech.

“Customers are in the early stages of implementing cognitive security technologies,” IBM Security Chief Technology Officer Sandy Bird said in a statement. “Our research suggests this adoption will increase threefold over the next three years, as tools like Watson for Cyber Security mature and become pervasive in security operations centers. Currently, only 7 percent of security professionals claim to be using cognitive solutions.”

Warning

Not everyone agrees that a machine learning approach is the only way to fight cybercrime. Rapid7 Threat Intelligence Lead Rebekah Brown told SiliconANGLE that automation should not be relied upon exclusively.

“It is very encouraging to see new, innovative methods for analyzing and detecting cyber-attacks, especially one of this magnitude, with so many great minds working together,” Brown said. “This will likely result in the identification of attack trends and patterns that would not be easily identifiable through individual intelligence analysis alone.”

But she said companies have to understand that an automated approach can’t always combat a thinking, changing adversary. “While machine-learning algorithms are effective at identifying and predicting attack patterns based on what has previously been observed, it is always possible that an attacker will take actions that are not predictable or that do not fit with previous behavior patterns,” she said.

In particular, Brown noted, people don’t always act in rational or expected ways. “Automated analysis tools should be viewed as just that, tools, not as a complete replacement for human analysis,” she said. “These tools can support and enable analysts, and should focus on detecting and responding to known patterns so that the human analysts can be prepared to detect and respond to inevitable changes attackers make in targeting, tempo and behaviors.”

Image credit: Rosemaryetoufee/Wikimedia Commons/CC by SA4.0