<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

News Coverage

IBM's Watson to Rank Threat Severity for NIST

down-arrow

To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) with scoring bugs.

The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System (CVSS) qualifies the degree of the threat with a numerical ranking between 0.0 and 10.0. In order to evaluate the severity of the growing number of vulnerabilities reported each week, NIST announced that it will use IBM’s Watson. Relying on AI to assess the potentiality of exploitation and assign a CVSS will help to expedite the scoring process.

Because the number of vulnerabilities disclosed has skyrocketed from a couple hundred to several thousands per week, keeping pace with scoring the disclosures has become both laborious and time consuming, according to NextGov.

"With the mounting number of CVEs that enterprises are facing, utilizing Watson would allow enterprise CISOs to better navigate which CVEs are most likely to impact their organizations and apply resources to remediation on those controls. Knowing where to focus your time and budget as a CISO is key,” said George Wrenn, CEO, CyberSaint Security.

"We've seen firsthand the benefits of adopting the NIST Cybersecurity Framework (CSF) and the enormous agility benefits that AI-powered automation enables, particularly in helping avoid misdirecting time, unnecessary manual effort, and resources. We've also seen the power of dynamic threat intelligence that's identified and 'injected' into compliance programs on a control-by-control basis. This is a level of risk analysis that can only be done through the use of breakthrough tech and AI. It is no surprise NIST is delving into this area."

Matthew Scholl, chief of the NIST’s computer security division, reportedly said that Watson is expected to be assigning CVSS scores to most publicly reported vulnerabilities by October 2019 and that the AI system will replace the work of numerous human analysts.

“Applying AI, and in particular Watson, to the scoring of vulnerabilities will be useful for keeping up with the increased NIST work load. However, I don’t foresee this addressing the issue of organizations still not patching their systems in time,” said Gabriel Gumbs, VP of product strategy, STEALTHbits Technologies.

Rating the severity of publicly reported vulnerabilities has the potential to help prioritize which systems are patched first and how soon those patches are applied. Said Gumbs, “This program could go a step further and score both the inherent risk and the residual risk of vulnerabilities when other controls are in place. This would allow for real-world patch prioritization scenarios where organizations can apply controls that can be rolled out faster than a patch and in cases where patches do not [yet] exist still reduce their exposure.”

Originally posted on infosecurity-magazine.com

You may also like

Groundbreaking Executive Dashboard ...
on February 13, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced the release of its Executive Dashboard. CyberSaint is first-to-market with this new ...

CyberSaint STRONGER 2023 ...
on February 2, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced that the company is seeking speaker submissions for its virtual STRONGER conference, set ...

CyberSaint Partners With and ...
on October 5, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, today announced its CyberStrong platform is now Powered by Snowflake. ...

Booz Allen Hamilton and CyberSaint ...
on September 7, 2022

MCLEAN, Va. & BOSTON--(BUSINESS WIRE)--Booz Allen Hamilton (NYSE: BAH) and CyberSaint today announced a strategic partnership that aligns Booz Allen’s world-class ...

CyberSaint Continues to Support ...
on July 6, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the addition of CMMC 2.0, allowing customers to adopt the ...

CyberSaint Makes FAIR Model ...
on June 28, 2022

BOSTON--(BUSINESS WIRE)--CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the addition of the FAIR (Factor Analysis of Information ...