IBM is leveraging the power of its Watson supercomputer to thwart viruses, ransomware and DDoS attacks. On Tuesday it unveiled an ambitious plan to feed Watson billions of data points from security sources daily so that Watson can spot anomalies as they happen and stop them dead in their tracks before they can cause any harm.

Called Watson for Cyber Security, IBM says the service is about year off from being rolled out in beta form to select customers. It will be cloud-based and leverage Watson’s “cognitive technology.” But first, IBM says, it will need to be trained to better understand structured and unstructured security data.

“Watson, like anyone new to security, needs to learn what the differences between malware, ransomware, Trojans, viruses, scripting vulnerabilities and so much more are,” said Caleb Barlow, vice president, IBM Security.

To help program Watson to identify massive universe-old, current and up-and-coming threats IBM said it is partnering with eight universities including the Massachusetts Institute of Technology, California State Polytechnic University and the University of Ottawa. Students there will be tasked with “teaching” Watson to identify threats by annotating and feeding the system security reports and data.

The move by IBM is part of the company’s ongoing efforts to transform the company away from a hardware-centric firm to one based on cloud, analytics, mobile, social and security. Over the past year, IBM has made significant investments into the security space including acquiring Resilient Systems for an undisclosed sum earlier this year.

At the heart of IBM’s re-focus is its Watson supercomputer that CEO Ginni Rommety said is poised to power the “cognitive era” where businesses will succeed by making sense of big data. For its part, Watson already is behind a number of IBM AI businesses including Watson for Oncology, Explorer, Watson’s Internet of Things, Discovery Advisor, and Engagement Advisor. So far those investments have paid off, earning the company $2 billion in revenue in 2015, according to SEC filings.

“Once Watson has hit a critical mass of knowledge it won’t need much assistance at all and will be able to teach itself,” Barlow said. How long will IBM be stuck in college being taught by computer engineering students has not yet been determined, he said.

Once operational, Watson for Cyber Security will receive billions of discrete security data points from IBM customers and also be fed a steady daily diet of security blogs, white papers, video transcripts, news articles, security wikis, security alerts, CVE data, machine generated security reports, social media discussions on security and much more. Data will also include 20 years of security information from IBM’s X-Force library, IBM said, along with 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year and over 60,000 security blogs published each month.

“Security analysts are severely challenged to move with informed speed based on the crushing amount of security data generated everyday,” Barlow said.

Next, IBM will leverage the power of Watson’s cognitive engine to sift through unstructured and structured data to spot trends, identify new risks and forecast attacks, Barlow said.  He estimates 80 percent of all data on the internet is unstructured and could be valuable to security professionals.

This article was updated May 12 correcting a reporting error regarding the acquisition of Resilient Systems.

Categories: Cloud Security, Critical Infrastructure, Malware, Vulnerabilities, Web Security