<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

News Coverage

IBM's Watson to Rank Threat Severity for NIST

down-arrow

To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) to score bugs.

The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System (CVSS) qualifies the degree of the threat with a numerical ranking between 0.0 and 10.0. In order to evaluate the severity of the growing number of vulnerabilities reported each week, NIST announced that it will use IBM’s Watson. Relying on AI to assess the potentiality of exploitation and assign a CVSS will help to expedite the scoring process.

Because the number of vulnerabilities disclosed has skyrocketed from a couple hundred to several thousands per week, keeping pace with scoring the disclosures has become both laborious and time consuming, according to NextGov.

"With the mounting number of CVEs that enterprises are facing, utilizing Watson would allow enterprise CISOs to better navigate which CVEs are most likely to impact their organizations and apply resources to remediation on those controls. Knowing where to focus your time and budget as a CISO is key,” said George Wrenn, CEO, CyberSaint Security.

"We've seen firsthand the benefits of adopting the NIST Cybersecurity Framework (CSF) and the enormous agility benefits that AI-powered automation enables, particularly in helping avoid misdirecting time, unnecessary manual effort, and resources. We've also seen the power of dynamic threat intelligence that's identified and 'injected' into compliance programs on a control-by-control basis. This is a level of risk analysis that can only be done through the use of breakthrough tech and AI. It is no surprise NIST is delving into this area."

Matthew Scholl, chief of the NIST’s computer security division, reportedly said that Watson is expected to be assigning CVSS scores to most publicly reported vulnerabilities by October 2019 and that the AI system will replace the work of numerous human analysts.

“Applying AI, and in particular Watson, to the scoring of vulnerabilities will be useful for keeping up with the increased NIST workload. However, I don’t foresee this addressing the issue of organizations still not patching their systems in time,” said Gabriel Gumbs, VP of product strategy, STEALTHbits Technologies.

Rating the severity of publicly reported vulnerabilities has the potential to help prioritize which systems are patched first and how soon those patches are applied. Said Gumbs, “This program could go a step further and score both the inherent risk and the residual risk of vulnerabilities when other controls are in place. This would allow for real-world patch prioritization scenarios where organizations can apply controls that can be rolled out faster than a patch and in cases where patches do not [yet] exist still reduce their exposure.”

Originally posted on infosecurity-magazine.com

You may also like

CyberSaint Recognized as a Leader ...
on December 5, 2023

BOSTON, December 5, 2023 — CyberSaint, the leader in cyber risk management, today announced that the company has been recognized as a leader for risk and compliance in the ...

CyberSaint Security Appoints Matt ...
on November 20, 2023

BOSTON, MA — CyberSaint, the leader in cyber risk management, today announced the appointment of Matt Alderman as Chief Product Officer (CPO). In this role, Alderman will lead the ...

CyberSaint and ACSC Research Sheds ...
on October 29, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, in collaboration with the Advanced Cyber Security Center (ACSC), has conducted a comprehensive focus ...

CyberSaint Debuts New Remediation ...
on September 6, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, is proud to announce the launch of the Remediation Suite within the CyberStrong platform. With the ...

STRONGER 2023 Conference ...
on July 19, 2023

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced that attendee registration is now open for its annual STRONGER conference, the ...

CyberSaint Security Recognized in ...
on December 3, 2023

BOSTON, MA – CyberSaint, the leader in cyber risk management, is pleased to announce its inclusion in the latest Gartner® report, "Innovation Insight: Cybersecurity Continuous ...