July 19, 2017 By Johnathan Van Houten

Another Wimbledon has come and gone. To the victors, the accolades and the trophies: Roger Federer’s eighth win and Garbine Muguruza’s first. For the IBM team located in the media center’s ground floor at SW19, the fortnight concludes with an opportunity to break from the constant vigilance ensuring the availability of Wimbledon.com and the integrity of the data consumed.

I spent 15 English summers abroad in that basement, staring at screens, looking for cracks and garnering a love for English tea that consumes me to this day. While, sadly, I was unable to venture across the pond for this year’s tournament, our on-site team did have Watson for Cyber Security to assist them in protecting the pinnacle of tennis achievement.

Quantity Versus Quality

Every analyst is regularly asked to quantify threats, which usually involves delivering a numeric set of values to signify some preponderance of significant events, thus showcasing the ability to withstand an onslaught. These values are both daunting and impressive to the casual observer and security analyst alike.

Growth is systemic, much akin to the rise in popularity of the online portal for all things Wimbledon. Similar growth occurs in potentially viable threat vectors. In short, attention increases, in both positive and negative ways, along a synchronous path.

The numbers for this year are equally significant, with just short of 200 million events during the tournament alone. Aside from the seemingly insatiable tide, there were many interesting, coordinated actions that could easily become mired in the morass of never-ending scripted attacks.

“Interesting” is not an expression the executives like to hear emanating from the mouth of a security analyst, since that implies something outside the norm — and therefore, potentially damaging. However, we had more than our share during the tournament. The numbers are impressive, but looking deeper, so is the content, even if that is far more difficult to measure qualitatively.

How to Win at Wimbledon

Let us be clear about something: Threat actors are smart. They are diligent, persistent and dedicated, continually pushing the boundaries of their knowledge. They force us to alter the paradigm for managing security on an ongoing basis. They also understand one unequivocal fact: They outnumber the analysts and see the potential in overwhelming the individual to be successful.

For example, this year we noticed a “low and slow” coordinated attack. It began with a specialized form of distributed denial-of-service which, unlike so many relatives of the method, is not meant to decrease the availability of the platform. Instead, it remained below the radar over a short span (10 minutes, in this instance), thus piling log data into a massive stream of similar entries without raising the alarm. It limited the number of active connections so that it would not look like an actual threat.

The value is in the masquerading effect. While their bots are performing this task, cybercriminals use the cover of darkness to attempt other nefarious acts, such as malware injection. An analyst would be forced to slog through thousands of log entries — or, if they were fortunate to have a decent security information and event management (SIEM) solution, could attempt to correlate the entries. It is a time-consuming and error-prone task. Enter Watson.

The Watson for Cyber Security system understands, innately, the relationships between threat vectors and attack types and maintains an evolving set of lists that contain known data accumulated over a vast network of devices across the internet. Analysis is conducted at the press of a button, and Watson returns correlative evidence to show the cause-and-effect relationship between two seemingly disparate attacks.
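To make the masking effect concrete, here is an added example (not from the original article, and not how Watson works) of the manual correlation an analyst would otherwise do: find a 10-minute window swamped by one signature from many low-rate sources, then pull out the few unrelated events hidden inside it. The log format, signature names, thresholds and sample entries are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # span the article reports for the flood
MIN_SOURCES = 20      # assumption: distinct sources that make it "distributed"
MAX_PER_SOURCE = 5    # assumption: each source stays under per-IP rate alarms
DOMINANCE = 0.9       # assumption: share of a window held by one signature

def parse(line):
    # Constructed format: "<ISO timestamp> <source IP> <signature>"
    ts, src, sig = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), src, sig

def find_masked_events(lines):
    """Return (window_start, flood_signature, masked_events) per noisy window."""
    events = sorted(parse(l) for l in lines if l.strip())
    if not events:
        return []
    t0, buckets = events[0][0], defaultdict(list)
    for ev in events:
        buckets[(ev[0] - t0) // WINDOW].append(ev)
    findings = []
    for idx in sorted(buckets):
        evs = buckets[idx]
        sig, n = Counter(e[2] for e in evs).most_common(1)[0]
        per_src = Counter(e[1] for e in evs if e[2] == sig)
        # Many sources, few hits each, one signature swamping the window.
        if (n / len(evs) >= DOMINANCE and len(per_src) >= MIN_SOURCES
                and max(per_src.values()) <= MAX_PER_SOURCE):
            masked = [e for e in evs if e[2] != sig]
            findings.append((t0 + idx * WINDOW, sig, masked))
    return findings

def sample_log():
    # Constructed data: 40 sources x 3 similar entries, two unrelated events
    # buried among them, then an ordinary mixed window.
    base = datetime(2017, 7, 10, 14, 0, 0)
    at = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = [f"{at(i * 3 + k * 190)} 198.51.100.{i + 1} SLOW_HTTP_REQUEST"
             for i in range(40) for k in range(3)]
    lines += [f"{at(305)} 203.0.113.7 UPLOAD_EXECUTABLE_BLOCKED",
              f"{at(410)} 203.0.113.7 INJECTION_PATTERN_BLOCKED",
              f"{at(700)} 192.0.2.10 LOGIN_OK",
              f"{at(720)} 192.0.2.11 LOGIN_FAILED",
              f"{at(800)} 192.0.2.12 LOGIN_OK"]
    return lines

if __name__ == "__main__":
    for start, sig, masked in find_masked_events(sample_log()):
        print(f"{start} flood={sig} review={[(e[1], e[2]) for e in masked]}")
```

The point of the output is the short review list: 122 entries in the noisy window reduce to the two that do not match the flood.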

Digging further down the proverbial rabbit hole depends on the potential for success of the individual. In this instance, there was little opportunity, since the intrusion prevention systems reacted and thwarted any attempt at each action. Still, it piqued my curiosity, and I was glad to have Watson in my toolbox.

Now, if you will excuse me, it’s time for a nice cuppa.

Watch the video: Watson for Cyber Security in Action
