Request Demo

News Coverage

IBM's Watson to Rank Threat Severity for NIST

down-arrow

To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) with scoring bugs.

The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System (CVSS) qualifies the degree of the threat with a numerical ranking between 0.0 and 10.0. In order to evaluate the severity of the growing number of vulnerabilities reported each week, NIST announced that it will use IBM’s Watson. Relying on AI to assess the potentiality of exploitation and assign a CVSS will help to expedite the scoring process.

Because the number of vulnerabilities disclosed has skyrocketed from a couple hundred to several thousands per week, keeping pace with scoring the disclosures has become both laborious and time consuming, according to NextGov.

"With the mounting number of CVEs that enterprises are facing, utilizing Watson would allow enterprise CISOs to better navigate which CVEs are most likely to impact their organizations and apply resources to remediation on those controls. Knowing where to focus your time and budget as a CISO is key,” said George Wrenn, CEO, CyberSaint Security.

"We've seen firsthand the benefits of adopting the NIST Cybersecurity Framework (CSF) and the enormous agility benefits that AI-powered automation enables, particularly in helping avoid misdirecting time, unnecessary manual effort, and resources. We've also seen the power of dynamic threat intelligence that's identified and 'injected' into compliance programs on a control-by-control basis. This is a level of risk analysis that can only be done through the use of breakthrough tech and AI. It is no surprise NIST is delving into this area."

Matthew Scholl, chief of the NIST’s computer security division, reportedly said that Watson is expected to be assigning CVSS scores to most publicly reported vulnerabilities by October 2019 and that the AI system will replace the work of numerous human analysts.

“Applying AI, and in particular Watson, to the scoring of vulnerabilities will be useful for keeping up with the increased NIST work load. However, I don’t foresee this addressing the issue of organizations still not patching their systems in time,” said Gabriel Gumbs, VP of product strategy, STEALTHbits Technologies.

Rating the severity of publicly reported vulnerabilities has the potential to help prioritize which systems are patched first and how soon those patches are applied. Said Gumbs, “This program could go a step further and score both the inherent risk and the residual risk of vulnerabilities when other controls are in place. This would allow for real-world patch prioritization scenarios where organizations can apply controls that can be rolled out faster than a patch and in cases where patches do not [yet] exist still reduce their exposure.”

Originally posted on infosecurity-magazine.com

You may also like

CyberSaint user, Silverside ...
on December 6, 2018

    Cutting edge nuclear detection company, SilverSide Detectors, partnered with MassMEP and CyberSaint to become DFARS compliant as they expand their business. Congratulations to ...

100 Million Quora Customers Hit By ...
on December 11, 2018

Quora, one of the largest Q&A internet portals, said hackers breached its servers and obtained information of about 100 million users, almost half of the its entire customer base. ...

Boston-Based Cybersecurity ...
on December 5, 2018

According to the Privacy Rights Clearinghouse, there have been approximately 11.2 billion records exposed in the more than 8,800 data breaches that have been publicly disclosed ...

CyberSaint Closes the ...
on December 3, 2018

BOSTON--(BUSINESS WIRE)--CyberSaint Security, a cybersecurity software firm that powers automated, intelligent compliance and risk management, today released significant new ...

Alison Furneaux
Data Breach Hits 2.6 Million ...
on November 29, 2018

Hospital network Atrium Health informed patients on Tuesday that their personal information was compromised following a breach at technology solutions provider AccuDoc. Atrium ...

2.65 Million Records Exposed in ...
on December 3, 2018

Another massive data breach announcement has made headline, this time for healthcare and wellness program provider Atrium Health, formerly known as Carolinas HealthCare Systems, ...