Ride the Lightning

IBM's Watson Will Help NIST Rank Threat Severity

November 13, 2018

As Infosecurity Magazine reported on November 9th, to more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) with scoring bugs.

The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System (CVSS) qualifies the degree of the threat with a numerical ranking between 0.0 and 10.0. In order to evaluate the severity of the growing number of vulnerabilities reported each week, NIST announced that it will use IBM’s Watson. Utilizing AI to assess the potentiality of exploitation and assign a CVSS will help to expedite the scoring process.

Because the number of vulnerabilities disclosed has escalated from a couple hundred to several thousands per week, keeping pace with scoring the disclosures has become both laborious and time consuming.

"With the mounting number of CVEs that enterprises are facing, utilizing Watson would allow enterprise CISOs to better navigate which CVEs are most likely to impact their organizations and apply resources to remediation on those controls. Knowing where to focus your time and budget as a CISO is key,” said George Wrenn, CEO, CyberSaint Security.

"We've seen firsthand the benefits of adopting the NIST Cybersecurity Framework (CSF) and the enormous agility benefits that AI-powered automation enables, particularly in helping avoid misdirecting time, unnecessary manual effort, and resources. We've also seen the power of dynamic threat intelligence that's identified and 'injected' into compliance programs on a control-by-control basis. This is a level of risk analysis that can only be done through the use of breakthrough tech and AI. It is no surprise NIST is delving into this area."

Matthew Scholl, chief of the NIST’s computer security division, reportedly said that Watson is expected to be assigning CVSS scores to most publicly reported vulnerabilities by October 2019 and that the AI system will replace the work of numerous human analysts.

Another slice of the employment market automated. This put me in mind of Ken Jenning's famous line when he lost at Jeopardy to Watson: "I for one welcome our new computer overlords." I wonder how those human analysts feel.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson