Power Cognitive Security Operations Centers
· Over 40 Companies Across a Dozen Industries Tap Watson Security Technology
· New Innovations Include Watson-Powered Chatbot & Voice-Powered Security Assistant Research Project

CAMBRIDGE, MA – 13 February 2017 – IBM Security (NYSE: IBM) today
announced the availability of Watson for Cyber Security, the industry’s first
augmented intelligence technology designed to power cognitive security
operations centers (SOCs). Over the past year, Watson has been trained on the
language of cybersecurity, ingesting over 1 million security documents. Watson
can now help security analysts parse thousands of natural language research
reports that have never before been accessible to modern security tools.

According to IBM research, security teams sift through more than 200,000 security events
per day on average, leading to over 20,000 hours per year wasted chasing false
positives. (Infographic: Watson for Cyber Security: Shining a light on Unstructured Data)
The need to introduce cognitive technologies
into security operations centers will be critical to keep up with the
anticipated doubling of security incidents over the next five years and
increased regulation globally. (IBM 2016 Cyber Security Intelligence Index analysis)

Watson for Cyber Security will be integrated into IBM’s new Cognitive SOC platform,
bringing together advanced cognitive technologies with security operations and
providing the ability to respond to threats across endpoints, networks, users
and cloud. The centerpiece of this platform is IBM QRadar Advisor with
Watson, the first tool that taps into Watson’s corpus
of cybersecurity insights. This new app is already being used by Avnet,
University of New Brunswick, Sopra Steria and 40 other customers globally to
augment security analysts’ investigations into security incidents.

IBM has also invested in research to bring cognitive tools into its global X-Force
Command Center network, including a Watson-powered chatbot currently being used
to interact with IBM Managed Security Services customers. IBM also revealed a
new research project, code-named Havyn, pioneering a voice-powered security
assistant that leverages Watson conversation technology to respond to verbal
commands and natural language from security analysts.

“Today’s sophisticated cybersecurity threats attack on multiple fronts to conceal their
activities, and our security analysts face the difficult task of pinpointing
these attacks amongst a massive sea of security-related data,” said Sean
Valcamp, Chief Information Security Officer at Avnet. “Watson makes
concealment efforts more difficult by quickly analyzing multiple streams of
data and comparing them with the latest security attack intelligence to provide
a more complete picture of the threat. Watson also generates reports on these
threats in a matter of minutes, which greatly speeds the time between detecting
a potential event and my security team’s ability to respond accordingly.”

The IBM Cognitive SOC

As security teams evolve their strategies and tactics to thwart cybercriminals,
the introduction of cognitive technologies into today’s security operations
centers will be critical to keep pace. A recent IBM study found that only 7
percent of security professionals are using cognitive tools today, but that
usage is expected to triple over the next 2-3 years. (IBM Institute of Business Value Study:
Cybersecurity in the Cognitive Era)

The IBM Cognitive SOC platform puts cognitive technologies into security analysts’
hands, enhancing their ability to fill gaps in intelligence and act with speed
and accuracy. The IBM QRadar Advisor with Watson app brings cognitive
capabilities to aid security analysts in their investigations and remediation
through IBM’s QRadar security intelligence platform. The solution assists in
the investigation of potential threats by correlating Watson’s natural language
processing capabilities across security blogs, websites, research papers and
other sources with threat intel and security incident data from QRadar,
which can shorten cyber security investigations from weeks and days to
minutes.

“The Cognitive SOC is now a reality for clients looking to find an advantage against
the growing legions of cybercriminals and next generation threats,” said Denis
Kennelly, Vice President of Development and Technology, IBM Security. “Our
investments in Watson for Cyber Security have given birth to several
innovations in just under a year. Combining the unique abilities of man and
machine intelligence will be critical to the next stage in the fight against
advanced cybercrime.”

To extend the ability of the Cognitive SOC to endpoints, IBM Security also is
announcing a new endpoint detection and response (EDR) solution called IBM BigFix Detect. The
solution helps organizations gain full visibility into the constantly changing
endpoint threat landscape while bridging the gap between malicious behavior
detection and remediation. BigFix Detect makes EDR accessible and actionable,
providing security analysts with the ability to see, understand and act on
threats across their endpoints through a single platform, and delivers targeted
remediation on impacted endpoints enterprise-wide in minutes.

When paired with the orchestration and automation capabilities of IBM Resilient’s
Incident Response Platform (IRP), clients can turn cognitive SOC insight into
action across enrichment, remediation, and mitigation functions. The IBM
Cognitive SOC also brings together other technologies from IBM Security
including i2 for cyber threat hunting and IBM X-Force Exchange.

Cognitive Security Services and Innovations

IBM will also help clients design, build and manage cognitive security operations
centers globally through IBM Managed Security Services. Over the past five
years, IBM has built over 300 security operations centers for clients in dozens
of industries, including consumer packaged goods, retail, banking and
education. Clients can choose to have IBM build their cognitive SOC on-premise
or manage it virtually via the IBM Cloud as part of the IBM X-Force Command
Center network.

IBM’s global network of X-Force Command Centers is using IBM’s cognitive
capabilities like QRadar Advisor with Watson to enhance the investigation of
security events. Another promising use case is a new research project
code-named Havyn, which brings a voice to the cognitive SOC. The goal of Havyn
is to create a voice-powered security assistant that can interact with security
analysts on topics such as real-time threat updates and information on an
organization’s security posture.

The Havyn project uses Watson APIs, BlueMix and IBM Cloud to provide real-time
response to verbal requests and commands, accessing data from open source
security intelligence, including IBM X-Force Exchange, as well as
client-specific historic data and their security tools. For example, Havyn can
provide security analysts with updates on new threats that have appeared and
recommended remediation steps. Havyn is currently being tested by select
researchers and analysts within IBM Managed Security Services.

Watson is also currently engaging with clients daily via a new chatbot tool deployed
in IBM’s X-Force Command Center network, which manages over 1 trillion security
events per month. Clients can choose to ask Watson questions via instant
messaging about their security posture or network configurations. For example,
clients can ask Watson questions about a device or ticket status. The tool is
also capable of executing commands from IBM MSS customers, such as reassigning
a ticket to a new owner.