Here are thoughts from two cybersecurity experts in response to recent news that the National Institute of Standards and Technology (NIST), an agency of the US Department of Commerce, has partnered with IBM to use AI to rate the severity of publicly reported cyber vulnerabilities.
“Applying AI, and in particular Watson, to the scoring of vulnerabilities will be useful for keeping up with the increased NIST workload; however, I don’t foresee this addressing the issue of organizations still not patching their systems in time. In theory, the ranking of vulnerabilities helps prioritize which systems are patched first and how soon those patches are applied. I believe this program could go a step further and score both the inherent risk and the residual risk of vulnerabilities when other controls are in place. This would allow for real-world patch prioritization scenarios where organizations can apply controls that can be rolled out faster than a patch, and in cases where patches do not [yet] exist still reduce their exposure.”
“Artificial Intelligence is solving the manual effort problem that many organizations face. For security leaders, it’s important to know that not all AI is equal, but when the right choice is made the benefits from a time, cost, and resource perspective can be immense. For example, our large enterprise customers adopt the NIST Cybersecurity Framework (CSF) with great agility because of the AI-powered automation we incorporate and avoid misdirecting time and resources. Similar to this new AI application for bugs, dynamic threat intelligence is identified and ‘injected’ into any compliance program, on a control by control basis. This is a level of risk analysis that can only be done through the use of breakthrough tech and AI. It is no surprise NIST is delving into this area.”