IBM Watson has a new job: Cognitive cybersecurity expert

15 Feb 17

The industry’s first augmented intelligence tech will be used to power cognitive security operations centres (SOCs).

Watson has spent the past year training in cybersecurity language from more than one million security documents. It can now help security analysts parse through natural language research reports previously inaccessible to security tools.

Watson for Cyber Security will be integrated into IBM’s Cognitive SOC platform, fusing cognitive technology with security operations.

IBM research shows that security teams waste more than 20,000 hours per year chasing false positives. Security operations centres will keep up with the anticipated doubling of security incidents over the next five years.

IBM QRadar Advisor with Watson is the first technology to use Watson’s insights, now inside IBM’s global network of X-Force Command Centres.

QRadar is also being used by Avnet and other global customers.

“Watson makes concealment efforts more difficult by quickly analysing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team's ability to respond accordingly,” says Sean Valcamp, Avnet CISO.

IBM is putting Watson to use not just in cybersecurity, but in other areas of the business.

Watson has been powering an IBM chatbot which is being used to interact with IBM Managed Security Services customers.

On top of that, IBM’s new research project ‘Havyn’ is a voice-powered security assistant that uses Watson conversation technology to respond to verbal commands and natural language from security analysts, such as updating analysts on new threats and recommended remediation. It is still in the testing phase.

Looking at the SOCs themselves, IBM says cognitive technologies will be a crucial part of keeping up with threats. Within the next 2-3 years, cognitive tool usage is expected to triple from its current 7% rate.

Denis Kennelly, IBM Security’s vice president of development and technology, says the cognitive SOC is now a reality in the fight against cyber threats.

“Our investments in Watson for Cyber Security have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime,” Kennelly says.

IBM Security is also looking to take Cognitive SOC to endpoints, by launching IBM BigFix Direct, a new endpoint detection and response solution. The company says EDR will be accessible and actionable so that analysts can understand and act on threats across endpoints through a single platform.

The IBM Cognitive SOC will also use technologies such as i2 for cyber threat hunting and IBM X-Force Exchange, the company says. 
