Request Demo

News Coverage

IBM's Watson to Rank Threat Severity for NIST

down-arrow

To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) with scoring bugs.

The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System (CVSS) qualifies the degree of the threat with a numerical ranking between 0.0 and 10.0. In order to evaluate the severity of the growing number of vulnerabilities reported each week, NIST announced that it will use IBM’s Watson. Relying on AI to assess the potentiality of exploitation and assign a CVSS will help to expedite the scoring process.

Because the number of vulnerabilities disclosed has skyrocketed from a couple hundred to several thousands per week, keeping pace with scoring the disclosures has become both laborious and time consuming, according to NextGov.

"With the mounting number of CVEs that enterprises are facing, utilizing Watson would allow enterprise CISOs to better navigate which CVEs are most likely to impact their organizations and apply resources to remediation on those controls. Knowing where to focus your time and budget as a CISO is key,” said George Wrenn, CEO, CyberSaint Security.

"We've seen firsthand the benefits of adopting the NIST Cybersecurity Framework (CSF) and the enormous agility benefits that AI-powered automation enables, particularly in helping avoid misdirecting time, unnecessary manual effort, and resources. We've also seen the power of dynamic threat intelligence that's identified and 'injected' into compliance programs on a control-by-control basis. This is a level of risk analysis that can only be done through the use of breakthrough tech and AI. It is no surprise NIST is delving into this area."

Matthew Scholl, chief of the NIST’s computer security division, reportedly said that Watson is expected to be assigning CVSS scores to most publicly reported vulnerabilities by October 2019 and that the AI system will replace the work of numerous human analysts.

“Applying AI, and in particular Watson, to the scoring of vulnerabilities will be useful for keeping up with the increased NIST work load. However, I don’t foresee this addressing the issue of organizations still not patching their systems in time,” said Gabriel Gumbs, VP of product strategy, STEALTHbits Technologies.

Rating the severity of publicly reported vulnerabilities has the potential to help prioritize which systems are patched first and how soon those patches are applied. Said Gumbs, “This program could go a step further and score both the inherent risk and the residual risk of vulnerabilities when other controls are in place. This would allow for real-world patch prioritization scenarios where organizations can apply controls that can be rolled out faster than a patch and in cases where patches do not [yet] exist still reduce their exposure.”

Originally posted on infosecurity-magazine.com

You may also like

Booz Allen 2019 Cyber Threat Report
on February 7, 2019

@BoozAllen @BoozAllenCyber #cybertrends #cybersecurity #cyber Find out the 8 ways threat actors can make waves in 2019 in the annual Booz Allen Cyber Threat Outlook Report: ...

It’s Time to Embrace Password ...
on February 7, 2019

Why Your Enterprise Needs Password Security Strategies Unfortunately, trusting employees to create strong passwords on their own may no longer serve as a tenable strategy. ...

Nearly Half Billion US Personal ...
on February 7, 2019

There’s good news and bad news about identity theft in 2018 according to a new report from the Identity Theft Resource Center (ITRC). The good news is the number of US data ...

News Insights: Millions Of Bank ...
on January 28, 2019

According to Colin Bastable, CEO, Lucy Security: “When US lenders offload our mortgages and loans to third parties, they offload the data too, and wash their hands of all ...

CyberSaint Security Announces ...
on January 28, 2019

BOSTON--(BUSINESS WIRE)--CyberSaint Security, a cybersecurity software firm that powers automated, intelligent compliance and risk management, today announced record-breaking ...

A Cybersecurity Compliance Crystal ...
on January 28, 2019

What Recent News Means for the Future The compliance landscape is changing, necessitating changes from the compliance profession as well. A team of experts from CyberSaint discuss ...

George Wrenn