SparkCognition, a company that applies machine learning to predictive analytics, has begun working with Carnegie Mellon University's Software Engineering Institute (SEI) to develop an automated threat identification and remediation system that works in conjunction with IBM's Watson.
As part of the arrangement, SparkCognition says it plans to train researchers at SEI's CERT Division how to use IBM Watson to record and index vulnerabilities in the Common Weakness Enumeration (CWE) list and CERT Secure Coding Rules. By doing so, the researchers will make vulnerability information more accessible and more useful to those focused on protecting critical national infrastructure.
To fight automated attacks, organizations need automated defenses in order to help security professionals separate signal from noise.
"Cybersecurity has evolved to a point that without AI, it's really hard to keep up with all the attacks today," said CEO Amir Husain in a phone interview. "The purpose of this partnership is to combine our collective capabilities, and to be able to predict attacks even when the specific threat is not something that's been seen before."
Through automated modeling and machine learning, which the company uses outside the security industry to anticipate wind turbine failure, SparkCognition can predict the behavior of unknown software and flag it for analysis. Husain said these sort of models can help people make better decisions by presenting them with better information.
"AI will find things for me to pay attention to," said Husain, stressing that companies should not seek to completely automate their defenses out of concern for liability, "for the same reason the military does not want AI to pull the trigger."
It's an approach that Husain argues is superior to traditional antivirus tools like blacklists and signatures.
"The rate at which these attacks are being created is so rapid no blacklist can keep up," said Husain.
SparkCognition's SparkSecure automates the process of analyzing inbound and outbound server log data to aid in the detection of malicious software, bot traffic, and suspect IP addresses. It looks at how software is built and the resources it uses before the code gets run.
Husain said his company's system has flagged malware that was missed by more than 60 antivirus engines. When analyzed by a security researcher, the flagged software turned out to be a common decompression utility that had been injected with a previously unseen -- and thus undetectable by signature -- strain of malware.
The role of IBM Watson in this ecosystem is to provide advice, available through natural language queries, to those responsible for dealing with threats. Having been fed massive amounts of security-related information, like device manuals and vulnerability data, Watson acts as a AI help desk.
Husain contends his company's technology is ideal for organizations that have a security information and event management (SIEM) system in place that either is being underutilized or is overloading administrators with alerts.
More than half of all website traffic comes from bots, many of which are trying to scrape data, scan for vulnerabilities, or facilitate identity theft, said Husain. AI can make sense of that vast amount of data more readily than a person.
(Cover image: alengo/iStockphoto)