Another Wimbledon has come and gone. To the victors, the accolades and the trophies: Roger Federer’s eighth win and Garbine Muguruza’s first. For the IBM team located in the media center’s ground floor at SW19, the fortnight concludes with an opportunity to break from the constant vigilance ensuring the availability of and the integrity of the data consumed.

I spent 15 English summers abroad in that basement, staring at screens, looking for cracks and garnering a love for English tea that consumes me to this day. While, sadly, I was unable to venture across the pond for this year’s tournament, our on-site team did have Watson for Cyber Security to assist them in protecting the pinnacle of tennis achievement.

Quantity Versus Quality

Every analyst is regularly asked to quantify threats, which usually involves delivering a numeric set of values to signify some preponderance of significant events, thus showcasing the ability to withstand an onslaught. These values are both daunting and impressive to the casual observer and security analyst alike.

Growth is systemic, much akin to the rise in popularity of the online portal for all things Wimbledon. Likewise, similarly trending growth occurs in potentially viable threat vectors. In short, attention increases, in both positive and negative ways, along a synchronous path.

The numbers for this year are equally significant, with just short of 200 million events during the tournament alone. Aside from the seemingly insatiable tide, there were many interesting, coordinated actions that could easily become mired in the morass of never-ending scripted attacks.

“Interesting” is not an expression the executives like to hear emanating from the mouth of a security analyst, since that implies something outside the norm — and therefore, potentially damaging. However, we had more than our share during the tournament. The numbers are impressive, but looking deeper, so is the content, even if that is far more difficult to measure qualitatively.

How to Win at Wimbledon

Let us be clear about something: Threat actors are smart. They are diligent, persistent and dedicated, continually pushing the boundaries of their knowledge. They force us to alter the paradigm for managing security on an ongoing basis. They also understand one unequivocal fact: They outnumber the analysts and see the potential in overwhelming the individual to be successful.

For example, this year we noticed a “low and slow” coordinated attack. It began with a specialized form of distributed denial-of-service, which is not meant to decrease the availability of the platform like so many relatives of the method. Instead, it remained below the radar over a short span (10 minutes, in this instance), thus piling log data into a massive stream of similar entries without raising the alarm. It limited the number of active connections to prevent the image of an actual threat.

The value is in the masquerading effect. While their bots are performing this task, cybercriminals use the cover of darkness to attempt other nefarious acts, such as malware injection. An analyst would be forced to slog through thousands of log entries — or, if they were fortunate to have a decent security information and event management (SIEM) solution, could attempt to correlate the entries. It is a time-consuming and error-prone task. Enter Watson.

The Watson for Cyber Security system understands, innately, the relationships between threat vectors and attack types and maintains an evolving set of lists that contain known data accumulated over a vast network of devices across the internet. Analysis is conducted at the press of a button, and Watson returns correlative evidence to show the cause-and-effect relationship between two seemingly disparate attacks.

Digging further down the proverbial rabbit hole depends on the potential for success of the individual. In this instance, there was little opportunity, since the intrusion prevention systems reacted and thwarted any attempt at each action. Still, it piqued my curiosity, and I was glad to have Watson in my toolbox.

Now, if you will excuse me, it’s time for a nice cuppa.

Watch the video: Watson for Cyber Security in Action

More from

Security Awareness Training 101: Which Employees Need It?

4 min read - To understand why you need cybersecurity awareness training, you must first understand employees' outsized roles in security breaches. “People remain — by far — the weakest link in an organization’s cybersecurity defenses,” noted Verizon on the release of their 2022 Data Breach Investigations Report (DBIR). They elaborate that 25% of all breaches covered in the report were the result of social engineering attacks, and when you add human errors and misuse of privilege, the human element accounts for 82% of…

4 min read

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates. Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?…

3 min read

Protecting Against Remote Monitoring and Management Phishing

3 min read - You use remote monitoring and management (RMM) software to closely monitor your cyber environment and keep your organization safe. But now cyber criminals are specifically targeting these tools, causing legitimate software to become a vulnerability. This is the latest type of attack in an increase in a recent trend of disruptive software supply chain attacks. The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert about the malicious use of legitimate remote monitoring and management (RMM) software. Last fall,…

3 min read

Secure-by-Design: Which Comes First, Code or Security?

4 min read - For years, developers and IT security teams have been at loggerheads. While developers feel security slows progress, security teams assert that developers sacrifice security priorities in their quest to accelerate production. This disconnect results in flawed software that is vulnerable to attack. While advocates for speed and security clash, consumers must often pay the price when threat actors strike. 48% of developers admitted they were still shipping code with vulnerabilities in 2022. It’s clearly time for a change. Many believe…

4 min read