July 19, 2017 By Johnathan Van Houten 3 min read

Another Wimbledon has come and gone. To the victors, the accolades and the trophies: Roger Federer’s eighth win and Garbine Muguruza’s first. For the IBM team located in the media center’s ground floor at SW19, the fortnight concludes with an opportunity to break from the constant vigilance ensuring the availability of Wimbledon.com and the integrity of the data consumed.

I spent 15 English summers abroad in that basement, staring at screens, looking for cracks and garnering a love for English tea that consumes me to this day. While, sadly, I was unable to venture across the pond for this year’s tournament, our on-site team did have Watson for Cyber Security to assist them in protecting the pinnacle of tennis achievement.

Quantity Versus Quality

Every analyst is regularly asked to quantify threats, which usually involves delivering a numeric set of values to signify some preponderance of significant events, thus showcasing the ability to withstand an onslaught. These values are both daunting and impressive to the casual observer and security analyst alike.

Growth is systemic, much like the rise in popularity of the online portal for all things Wimbledon. Potentially viable threat vectors grow along a similar trend. In short, attention increases, in both positive and negative ways, along a synchronous path.

The numbers for this year are equally significant, with just short of 200 million events during the tournament alone. Aside from the seemingly insatiable tide, there were many interesting, coordinated actions that could easily become mired in the morass of never-ending scripted attacks.

“Interesting” is not an expression the executives like to hear emanating from the mouth of a security analyst, since that implies something outside the norm — and therefore, potentially damaging. However, we had more than our share during the tournament. The numbers are impressive, but looking deeper, so is the content, even if that is far more difficult to measure qualitatively.

How to Win at Wimbledon

Let us be clear about something: Threat actors are smart. They are diligent, persistent and dedicated, continually pushing the boundaries of their knowledge. They force us to alter the paradigm for managing security on an ongoing basis. They also understand one unequivocal fact: They outnumber the analysts and see the potential in overwhelming the individual to be successful.

For example, this year we noticed a “low and slow” coordinated attack. It began with a specialized form of distributed denial-of-service that, unlike most variants of the method, is not meant to reduce the availability of the platform. Instead, it stayed below the radar over a short span (10 minutes, in this instance), piling log data into a massive stream of similar entries without raising the alarm. It limited the number of active connections to avoid the appearance of an actual threat.

The value is in the masquerading effect. While their bots are performing this task, cybercriminals use the cover of darkness to attempt other nefarious acts, such as malware injection. An analyst would be forced to slog through thousands of log entries — or, if they were fortunate to have a decent security information and event management (SIEM) solution, could attempt to correlate the entries. It is a time-consuming and error-prone task. Enter Watson.

The Watson for Cyber Security system understands, innately, the relationships between threat vectors and attack types and maintains an evolving set of lists that contain known data accumulated over a vast network of devices across the internet. Analysis is conducted at the press of a button, and Watson returns correlative evidence to show the cause-and-effect relationship between two seemingly disparate attacks.
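The manual correlation described above can be sketched as follows. This is an added example, not code from the article or from Watson for Cyber Security: it collapses a distributed, low-rate burst of near-identical requests into one cluster per 10-minute window and surfaces what else happened under that cover. The log tuple layout, the thresholds, the addresses and the paths are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 600          # seconds; the burst on the page lasted about 10 minutes
MIN_SOURCES = 20      # assumed: distinct clients needed to call a cluster distributed
MAX_PER_SOURCE = 5    # assumed: each client stays under a per-IP rate alarm
BASE = 1_500_000_000  # constructed start time, already aligned to WINDOW

def split_noise(events):
    """events: iterable of (epoch_seconds, src_ip, method, path).
    Returns {window_start: (noise_signatures, residual_events)} for every
    window that contains at least one low-and-slow cluster."""
    windows = defaultdict(list)
    for ev in events:
        windows[ev[0] - ev[0] % WINDOW].append(ev)
    report = {}
    for start, evs in sorted(windows.items()):
        per_sig = defaultdict(Counter)            # signature -> hits per source
        for _, ip, method, path in evs:
            per_sig[(method, path)][ip] += 1
        # Many sources, each individually quiet: the masking traffic.
        noise = {sig for sig, hits in per_sig.items()
                 if len(hits) >= MIN_SOURCES
                 and max(hits.values()) <= MAX_PER_SOURCE}
        # Whatever does not match the cluster is what the analyst should read.
        residual = [ev for ev in evs if (ev[2], ev[3]) not in noise]
        if noise:
            report[start] = (noise, residual)
    return report

def build_sample():
    """Constructed log: 40 clients x 3 similar requests of cover traffic,
    two unrelated requests inside the same window, one quiet later window."""
    events = [(BASE + (i * 3 + k) * 5, f"198.51.100.{i + 1}", "GET", "/scores")
              for i in range(40) for k in range(3)]
    events.append((BASE + 300, "203.0.113.7", "POST", "/upload"))
    events.append((BASE + 310, "203.0.113.7", "GET", "/admin"))
    events.append((BASE + 700, "192.0.2.10", "GET", "/scores"))
    return events

if __name__ == "__main__":
    for start, (noise, residual) in split_noise(build_sample()).items():
        print(start, "cover clusters:", sorted(noise))
        for ev in residual:
            print("  review:", ev)
```

On the constructed sample, 122 entries in the first window reduce to one cluster and two entries worth reading; the later window has no cluster and is not reported.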

Digging further down the proverbial rabbit hole depends on the potential for success of the individual. In this instance, there was little opportunity, since the intrusion prevention systems reacted and thwarted any attempt at each action. Still, it piqued my curiosity, and I was glad to have Watson in my toolbox.

Now, if you will excuse me, it’s time for a nice cuppa.
