July 19, 2017 By Johnathan Van Houten

Another Wimbledon has come and gone. To the victors, the accolades and the trophies: Roger Federer’s eighth win and Garbine Muguruza’s first. For the IBM team located in the media center’s ground floor at SW19, the fortnight concludes with an opportunity to break from the constant vigilance ensuring the availability of Wimbledon.com and the integrity of the data consumed.

I spent 15 English summers abroad in that basement, staring at screens, looking for cracks and garnering a love for English tea that consumes me to this day. While, sadly, I was unable to venture across the pond for this year’s tournament, our on-site team did have Watson for Cyber Security to assist them in protecting the pinnacle of tennis achievement.

Quantity Versus Quality

Every analyst is regularly asked to quantify threats, which usually involves delivering a numeric set of values to signify some preponderance of significant events, thus showcasing the ability to withstand an onslaught. These values are both daunting and impressive to the casual observer and security analyst alike.

Growth is systemic, much akin to the rise in popularity of the online portal for all things Wimbledon. Likewise, similarly trending growth occurs in potentially viable threat vectors. In short, attention increases, in both positive and negative ways, along a synchronous path.

The numbers for this year are equally significant, with just short of 200 million events during the tournament alone. Aside from the seemingly insatiable tide, there were many interesting, coordinated actions that could easily become mired in the morass of never-ending scripted attacks.

“Interesting” is not an expression the executives like to hear emanating from the mouth of a security analyst, since that implies something outside the norm — and therefore, potentially damaging. However, we had more than our share during the tournament. The numbers are impressive, but looking deeper, so is the content, even if that is far more difficult to measure qualitatively.

How to Win at Wimbledon

Let us be clear about something: Threat actors are smart. They are diligent, persistent and dedicated, continually pushing the boundaries of their knowledge. They force us to alter the paradigm for managing security on an ongoing basis. They also understand one unequivocal fact: They outnumber the analysts and see the potential in overwhelming the individual to be successful.

For example, this year we noticed a “low and slow” coordinated attack. It began with a specialized form of distributed denial-of-service that, unlike so many relatives of the method, is not meant to decrease the availability of the platform. Instead, it remained below the radar over a short span (10 minutes, in this instance), piling log data into a massive stream of similar entries without raising the alarm. It limited the number of active connections to avoid giving the appearance of an actual threat.

The value is in the masquerading effect. While their bots are performing this task, cybercriminals use the cover of darkness to attempt other nefarious acts, such as malware injection. An analyst would be forced to slog through thousands of log entries — or, if they were fortunate to have a decent security information and event management (SIEM) solution, could attempt to correlate the entries. It is a time-consuming and error-prone task. Enter Watson.

The Watson for Cyber Security system understands, innately, the relationships between threat vectors and attack types and maintains an evolving set of lists that contain known data accumulated over a vast network of devices across the internet. Analysis is conducted at the press of a button, and Watson returns correlative evidence to show the cause-and-effect relationship between two seemingly disparate attacks.
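The correlation an analyst would otherwise do by hand can be illustrated with the code below, an added example that is not from the original article and does not describe how Watson works. It flags a 10-minute window dominated by one log signature spread thinly across many sources, then returns the few events in that window that do not match the flood. The event tuple layout, thresholds, signatures and sample log are all constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 600  # seconds; the flood in the article lasted about 10 minutes

def find_masked_events(events, min_events=200, min_sources=50,
                       per_source_cap=10, dominance=0.9):
    """events: iterable of (epoch_seconds, source_ip, signature).
    Returns {window_start: [events hidden behind a low-and-slow flood]}."""
    windows = defaultdict(list)
    for ev in events:
        windows[ev[0] - ev[0] % WINDOW].append(ev)

    findings = {}
    for start, evs in sorted(windows.items()):
        if len(evs) < min_events:
            continue  # too quiet to hide anything
        sig, sig_count = Counter(e[2] for e in evs).most_common(1)[0]
        per_source = Counter(e[1] for e in evs if e[2] == sig)
        low_and_slow = (
            sig_count / len(evs) >= dominance            # stream of similar entries
            and len(per_source) >= min_sources           # distributed
            and max(per_source.values()) <= per_source_cap  # each bot stays quiet
        )
        if low_and_slow:
            # What remains after removing the noise is what to triage first.
            findings[start] = [e for e in evs if e[2] != sig]
    return findings

def build_sample_log():
    """Constructed data: a quiet window, then a 10-minute distributed flood
    with two unrelated events buried inside it."""
    log = [(t, "198.51.100.7", "GET /index 200") for t in range(0, 600, 30)]
    for i in range(300):  # 100 sources, 3 requests each
        log.append((600 + i * 2, f"203.0.113.{i % 100}", "GET /scores partial-read"))
    log.append((845, "192.0.2.44", "POST /upload blocked-by-IPS"))
    log.append((1010, "192.0.2.44", "POST /upload blocked-by-IPS"))
    return log

if __name__ == "__main__":
    for start, hidden in find_masked_events(build_sample_log()).items():
        print(f"window starting at {start}s: {len(hidden)} events behind the flood")
        for ev in hidden:
            print("  ", ev)
```

Fixed window boundaries can split a flood in two; a sliding window avoids that at the cost of more computation.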

Digging further down the proverbial rabbit hole depends on the potential for success of the individual. In this instance, there was little opportunity, since the intrusion prevention systems reacted and thwarted any attempt at each action. Still, it piqued my curiosity, and I was glad to have Watson in my toolbox.

Now, if you will excuse me, it’s time for a nice cuppa.

Watch the video: Watson for Cyber Security in Action
