Tony Stark Has Jarvis. And Now IBM Has Havyn

What started as a father and son weekend project could change how cybersecurity works.
HavynStillTA.jpg
IBM

Last October, 11-year-old Evan Spisak wandered down to his father’s basement workshop to help out on a weekend project, a time-honored tradition in homes across the country. But Evan’s father, Mike, is an IBM master inventor. And what they came up with was no birdhouse or pinewood derby car. It was Havyn, a homegrown voice assistant that taps into IBM’s enormous cybersecurity infrastructure, putting Watson’s AI smarts at their literal beck and call.

While Spisak likens his creation to Tony Stark’s “Jarvis” AI assistant, the shortest path to understanding its importance isn’t though comics mythology. Think of Havyn, instead, as a highly specific analog to Amazon’s Alexa voice assistant. Instead of connecting users to Spotify or online shopping carts, it helps fight cyberthreats.

And while Havyn may have started as spare-time tinkering, a dozen analysts at IBM’s X-Force Command Centers---the G.I. Joe name the company gives its security operations hubs---in Atlanta, Boulder, Poland, and Costa Rica are already testing it in the real world.

Some fathers and sons bond over football. Some like to cook. Evan and Mike Spisak invented an interface that could help fundamentally improve how cybersecurity works.

Origin Story

The Havyn project started, appropriately enough, with a question.

That fall weekend, Mike showed Evan IBM’s “Security Services Virtual Analyst,” a fancy name for a Watson-based chatbot capable of fielding basic queries through the keyboard. As a kid growing up in the age of Siri might, Evan wondered why the need for all the typing.

“Why can’t you talk to it,” Evan asked. As it turns out, you could. And with relative ease.

The Spisaks bought a Raspberry Pi---a $35 microcomputer---along with a 7-inch touchscreen interface that doesn’t cost much more. He and Evan then raided Bluemix, IBM’s cloud platform, for pre-existing “recipes” of code to give their experiment some basic functionality. That, along with some tinkering with specific dialog, was enough to get a generalized voice assistant up and running. Giving it cybersecurity bona fides was simply a matter of tapping into IBM’s cloud-based cyber threat intelligence platform, X-Force Exchange.

“Now all of a sudden we were able to ask questions about cybersecurity, and get answers,” says Spisak.

Mike and Evan Spisak working with Havyn.

IBM

As the weeks went by, Spisak found himself talking with the new interface daily, asking both about general developments in cybersecurity, mostly centered on new threats that had surfaced. When the conversations became frequent enough to merit a formal moniker, father and son went to a baby-naming website for inspiration. They settled on Havyn, as in “safe haven.”

“We took the ‘y’ spelling because it looked cool,” says Spisak.

Improvements continued as time allowed. Spisak hooked Havyn up to IBM BigFix, and endpoint security manager that can ascertain not just what cyberthreats exist, but whether any directly impact a given system. Eventually, Spisak gave Havyn an avatar inspired by Watson’s original logo, because he “felt a little nutty talking to a computer.”

By the time Thanksgiving came around, Spisak felt confident enough in Hayvn---and optimistic enough about its real-world utility---that he started showing it off to his IBM colleagues. The consensus? Mike, and Evan, were onto something.

Cyber Assistant

Understanding why Havyn could be so transformative requires some clarifications of scale.

First, it’s best to think of Havyn as complementary to current cybersecurity workflows, rather than a wholesale replacement. Spisak likens its potential role to that of the elaborate second-screen experience offered by The Walking Dead’s Story Sync interactive app. In either case---zombies or hackers---your main focus will always be on swatting away intruders. But if you want extra info along the way, it’s available.

“There’s all kinds of things that our analysts do today, and some of them take a lot of time,” says Spisak. Security personnel typically have to navigate multiple systems and contextualize mountains of data in real-time, a plate-spinning act under the best of circumstances. “Maybe it’ll be faster for them to just speak.”

In the same way it’s easier to ask Alexa to set a kitchen timer when you’re wrists-deep in raw chicken, analysts can offload a task to Havyn while they’re engaged in some other typing-intensive mission. Or lots of tasks; Havyn is multithreaded, capable of fielding lots of queries all at once.

Which gets us to the second dose of perspective that explains Havyn’s potential worth. IBM research estimates that security teams have to deal with, on average, 200,000 individual events every single day. That’s more than any human, or most teams of humans, can hope to process.

That’s a big reason IBM has trained Watson, its Jeopardy-winning, cookbook-writing, all-knowing supercomputer, on cybersecurity over the last year or so. By reading all available cybersecurity literature and parsing every threat, Watson for Cybersecurity helps analysts minimize false positives, and know which of those 200,000 alerts merits specific attention. For all the flash and pomp around cognitive computing, Watson’s main job, as it exits its beta and enters the real world, is to save time.

That’s Havyn’s aim as well. It doesn’t understand cyber threats better than any of IBM’s existing offerings, in the same way that Alexa doesn’t understand the five-day forecast any better than AccuWeather.

“These are things analysts could be doing on their own, but it takes them five or eight minutes,” says Justin Grant, director of strategy for IBM Managed Security Services, whose teams are running the Havyn beta. “And when you have security alerts that never cease, just coming wave after wave after wave… As they’re going through those alerts, to have somebody help you stay ahead is incredibly valuable in terms of speed and accuracy.”

Learning Curve

If there’s a caveat to all of this, it’s that no one’s sure exactly how useful Havyn might be. Or more specifically, it’s still not clear exactly how analysts will use it. Then again, that’s part of the fun.

“My guess is we’re going to see a lot of hybrid approach from our analysts,” says Grant. “A more complicated query they may just want to speak through… But a lot of quick interactions, once the data’s up there, you just want to click to get to that next level.”

IBM

And just as analysts will learn how best to work with Havyn, the Watson-powered voice assistant will be able to learn from its interactions as well. In existing demos, it primarily deals out high-level information, broad overviews of new cyber threats and which are most concerning. Eventually, it could not just respond, but anticipate.

“I have this vision of having an analyst rolling up their sleeve, saying they need to get to work, and Havyn saying ‘I already know what you need,’” says Spisak.

All that would sound lofty for the work of a dedicated research team, much less a father and son tinkering with a Raspberry Pi on the weekends. But consider how far Havyn come in just four months, and that there are already plans to expand the beta from a dozen IBM analysts to 50. Consider, too, that IBM has all the software it needs waiting in the wings, and the hardware investment is negligble.

So yes, exactly how Havyn will change cybersecurity remains very much to be determined. That’s not a knock against it, though. In fact, it’s Havyn’s greatest strength.

https://www.youtube.com/watch?v=nVyqGKhLBcY