IBM Watson for cyber security has cognitive skills

Posted on Monday, February 13, 2017 by RICHARD HARRIS, Executive Editor

According to IBM research, security teams sift through more than 200,000 security events per day on average, leading to over 20,000 hours per year wasted chasing false positives. Introducing cognitive technologies into security operations centers will be critical to keeping up with the anticipated doubling of security incidents over the next five years and increased regulation globally.

That's why IBM Security announced the availability of Watson for Cyber Security, the industry’s first augmented intelligence technology designed to power cognitive security operations centers (SOCs). Over the past year, Watson has been trained on the language of cybersecurity, ingesting over 1 million security documents. Watson can now help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools.

Watson for Cyber Security will be integrated into IBM's new Cognitive SOC platform, bringing together advanced cognitive technologies with security operations and providing the ability to respond to threats across endpoints, networks, users and cloud. The centerpiece of this platform is IBM QRadar Advisor with Watson, the first tool that taps into Watson’s corpus of cybersecurity insights. This new app is already being used by Avnet, University of New Brunswick, Sopra Steria and 40 other customers globally to augment security analysts’ investigations into security incidents.

IBM has also invested in research to bring cognitive tools into its global X-Force Command Center network, including a Watson-powered chatbot currently being used to interact with IBM Managed Security Services customers. The company has also revealed a new research project, code-named Havyn, pioneering a voice-powered security assistant that leverages Watson conversation technology to respond to verbal commands and natural language from security analysts.

The IBM Cognitive SOC


As security teams evolve their strategies and tactics to thwart cybercriminals, the introduction of cognitive technologies into security operations centers will be critical to keep pace. A recent IBM study found that only 7 percent of security professionals are using cognitive tools, but that usage is expected to triple over the next 2-3 years.

The IBM Cognitive SOC platform puts cognitive technologies into security analysts’ hands, enhancing their ability to fill gaps in intelligence and act with speed and accuracy. The IBM QRadar Advisor with Watson app brings cognitive capabilities to aid security analysts in their investigations and remediation through IBM’s QRadar security intelligence platform. The solution assists in the investigation of potential threats by correlating Watson's natural language processing of security blogs, websites, research papers and other sources with threat intel and security incident data from QRadar, which can shorten cyber security investigations from weeks and days to minutes.

“The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next generation threats,” said Denis Kennelly, Vice President of Development and Technology, IBM Security. “Our investments in Watson for Cyber Security have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime.”

Cognitive Security Services and Innovations


IBM will also help clients design, build and manage cognitive security operations centers globally through IBM Managed Security Services. Over the past five years, IBM has built over 300 security operations centers for clients in dozens of industries, including consumer packaged goods, retail, banking and education. Clients can choose to have IBM build their cognitive SOC on-premise or manage it virtually via the IBM Cloud as part of the IBM X-Force Command Center network.

IBM’s global network of X-Force Command Centers is using IBM’s cognitive capabilities, such as QRadar Advisor with Watson, to enhance the investigation of security events. Another promising use case is a new research project code-named Havyn, which brings a voice to the cognitive SOC. The goal of Havyn is to create a voice-powered security assistant that can interact with security analysts on topics such as real-time threat updates and information on an organization’s security posture.

The Havyn project uses Watson APIs, Bluemix and IBM Cloud to provide real-time response to verbal requests and commands, accessing data from open source security intelligence, including IBM X-Force Exchange, as well as client-specific historic data and their security tools. For example, Havyn can provide security analysts with updates on new threats that have appeared and recommended remediation steps. Havyn is currently being tested by select researchers and analysts within IBM Managed Security Services.
