Threat Intelligence

2/13/2017
02:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
0%
100%

IBM Brings Watson Cognitive Computing To The SOC

Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.

IBM hopes to elevate artificial intelligence and cognitive computing way beyond party tricks and game show supremacy and as a part of that push, Big Blue picked cybersecurity as a prime market to explore the possibilities. Today, IBM announced that it's officially marrying up its cybersecurity portfolio with the vaunted Watson questioning answering system.

Known best for its performance as a "contestant" on the game show Jeopardy in 2011, Watson was engineered to ingest vast quantities of data on any given subject in order to receive and answer questions in a conversational fashion. A system specifically developed to tackle Jeopardy, this cognitive technology uses natural language processing and machine learning to sift through data sources, synthesize information contained within, find and rank hypotheses and come up with a precise answer to the user's questions.

In the ensuing six years since Watson's success in winning a $1 million first prize in Jeopardy against two human champions, IBM has not only refined Watson's engine but al so been on the look out for ideal business cases to put the technology to use. The firm has achieved early successes in medical decisioning technologies, tracking customer and social media sentiment, and analyzing satellite and municipal data to track water use for drought mitigation.

With the growing problem of alert fatigue and a shortage of skilled security analysts, the industry seemed like it was crying out for Watson's help. The idea is to pair security operations center (SOC) technologies with Watson's processing capabilities so that analysts can ask the system questions about their data and existing threat posture, and receive meaningful advice on further action.  

The announcement follows a year of learning for Watson, which for the past 12 months has been trained on the language of cybersecurity, ingesting over 1 million security documents in the process.

"We've been teaching it for basically about a year, and it’s learned a lot along the way and it’s got a lot smarter along the way. It can read a ton more than it ever could before," says Caleb Barlow, vice president of threat intelligence for IBM Security. "And now we're at the point where it’s kind of graduated college and it’s time to go get that first real job."

According to Barlow, IBM's intent is to take the strain off of teams who can't afford or find enough skilled operators to manage the volume of advanced threats that barrage enterprise networks. Not only will they be able to make faster decisions, but they should be able to do it with more complete data. For instance, he referenced one competition a customer created during beta where they pit a team of experienced analysts against a team of junior analysts armed with Watson. They were given a certain security incident and an hour to look into it. The skilled analysts were able to confirm that attackers were testing the  network with an attempt at brute force password attacks, but believed that nothing further had occurred. Meanwhile, the Watson team identified those attempts but also were able to connect it with a form of malware, and then identify that the malware was actually on the network tied to the same threat actor.

"So, as you can imagine, that’s a very exciting find for that security team," Barlow says, "because now they know exactly how to go to address it, and they know, 'Wait a minute, this isn’t somebody who’s knocking at the door, this entity’s actually already in the door; they're just trying to get more access.'"

The centerpiece of what IBM calls its Cognitive SOC paltform will be IBM QRadar Watson Advisor, which brings together Watson with its QRadar security intelligence platform. The natural language processing capabilities will sift through a variety of security sources, including security blogs, websites, research papers and combine that with threat intelligence and security data from users' QRadar systems.  IBM will also be bringing cognitive tools to its global X-Force Command Center network and has rolled out a Watson-powered chat bot for IBM Managed Security Services customers.  Additionally, the company has a new project codenamed Havyn, which plans to also add voice-activated capabilities so that analysts can query the system by speaking plain-language questions aloud.

Related Content:

 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WyattR
50%
50%
WyattR,
User Rank: Apprentice
9/5/2017 | 7:55:00 AM
Thoughts on Watson
Very interesting. Watson was revolutionary when it won Jeopardy. I remember thinking, Wow this thing is going to only grow and become more advanced, and be able to help companies all over the world become way more efficient. Looks like now that is finally starting to take place, in security measures. Pretty cool stuff.
Security_Sifu
50%
50%
Security_Sifu,
User Rank: Apprentice
2/13/2017 | 5:43:15 PM
Watson focused on Information Security SOC Work
Very insteresting read.  I find many organizations utilizing "Big Data", "Neural Networks", and "Machine Learning" to be little more than signatures based on behaviors.  It will be interesting to see how this competes with Cylance in identifying positive and negative payloads.
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12026
PUBLISHED: 2018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in tur...
CVE-2018-12027
PUBLISHED: 2018-06-17
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said ...
CVE-2018-12028
PUBLISHED: 2018-06-17
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an e...
CVE-2018-12029
PUBLISHED: 2018-06-17
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12071
PUBLISHED: 2018-06-17
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.