IBM Watson for Cyber Security, the first ever augmented intelligence technology, is now available. Working with IBM’s new Cognitive SOC platform, it will bring advanced cognitive technologies into security operations centers.
IBM has trained Watson on the language of cyber security using over 1 million security documents, and the team behind Watson for Cyber Security is confident that the supercomputer will be able to help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools.
Watson for Cyber Security will be paired with IBM’s new Cognitive SOC platform, which will enable security teams around the world to respond to threats across endpoints, networks, users and cloud. IBM QRadar Advisor with Watson is the centerpiece of the platform and taps into Watson’s corpus of cyber security insights. This new app is already being used by Avnet, University of New Brunswick, Sopra Steria and 40 other customers globally to augment security analysts’ investigations into security incidents.
The IBM Cognitive SOC platform puts cognitive technologies into security analysts’ hands, enhancing their ability to fill gaps in intelligence and act with speed and accuracy. The IBM QRadar Advisor with Watson app brings cognitive capabilities to aid security analysts in their investigations and remediation through IBM’s QRadar security intelligence platform. The solution assists in the investigation of potential threats by applying Watson’s natural language processing capabilities to security blogs, websites, research papers and other sources, and correlating the results with threat intel and security incident data from QRadar, which can shorten cyber security investigations from weeks and days to minutes.
The need for Watson for Cyber Security and its associated technologies and apps is rooted in the fact that security teams sift through more than 200,000 security events per day on average, leading to over 20,000 hours per year wasted chasing false positives. There is an urgent need to bring advances in cognitive technologies to security experts and teams around the world, not only to reduce the burden of repetitive tasks, but also to gain a head start over cyber criminals and attackers by putting in place measures that deter attacks in the first place.
IBM has also invested in research to bring cognitive tools into its global X-Force Command Center network, including a Watson-powered chatbot currently being used to interact with IBM Managed Security Services customers. IBM also revealed a new research project, code-named Havyn, pioneering a voice-powered security assistant that leverages Watson conversation technology to respond to verbal commands and natural language from security analysts.
IBM Security has also announced a new endpoint detection and response (EDR) solution called IBM BigFix Detect that will effectively extend the ability of the Cognitive SOC to endpoints. BigFix will help organizations gain full visibility into the constantly changing endpoint threat landscape while bridging the gap between malicious behavior detection and remediation.
When paired with the orchestration and automation capabilities of IBM Resilient’s Incident Response Platform (IRP), clients can turn cognitive SOC insight into action across enrichment, remediation, and mitigation functions. The IBM Cognitive SOC also brings together other technologies from IBM Security including i2 for cyber threat hunting and IBM X-Force Exchange.