The industry’s first augmented intelligence tech will be used to power cognitive security operations centres (SOCs).
Watson has spent the past year training in cybersecurity language from more than one million security documents. It can now help security analysts parse through natural language research reports previously inaccessible to security tools.
Watson for Cyber Security will be integrated into IBM’s Cognitive SOC platform, fusing cognitive technology with security operations.
IBM research shows that security teams waste more than 20,000 hours per year chasing false positives. Security operations centres will keep up with the anticipated doubling of security incidents over the next five years.
IBM QRadar Advisor with Watson is the first technology to use Watson’s insights, now inside IBM’s global network of X-Force Command Centres.
QRadar is also being used by Avnet and other global customers.
“Watson makes concealment efforts more difficult by quickly analysing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team's ability to respond accordingly,” says Sean Valcamp, Avnet CISO.
IBM is putting Watson to use not just in cybersecurity, but in other areas of the business.
Watson has been powering an IBM chatbot which is being used to interact with IBM Managed Security Services customers.
On top of that, IBM’s new research project ‘Havyn’ features a voice-powered security assistant that uses Watson conversation technology to respond to verbal commands and natural language from security analysts, such as updating analysts on new threats and recommended remediation. It is still in the testing phase.
Looking at the SOCs themselves, IBM says cognitive technologies will be a crucial part of keeping up with threats. Within the next 2-3 years, cognitive tool usage is expected to triple from its current 7% rate.
Denis Kennelly, IBM Security’s vice president of development and technology, says the cognitive SOC is now a reality in the fight against cyber threats.
“Our investments in Watson for Cyber Security have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime,” Kennelly says.
IBM Security is also looking to take Cognitive SOC to endpoints, by launching IBM BigFix Direct, a new endpoint detection and response solution. The company says EDR will be accessible and actionable so that analysts can understand and act on threats across endpoints through a single platform.
The IBM Cognitive SOC will also use technologies such as i2 for cyber threat hunting and IBM X-Force Exchange, the company says.