Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/13/2017
02:00 PM
Connect Directly
Twitter
RSS
E-Mail
0%
100%

IBM Brings Watson Cognitive Computing To The SOC

Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.

IBM hopes to elevate artificial intelligence and cognitive computing way beyond party tricks and game show supremacy and as a part of that push, Big Blue picked cybersecurity as a prime market to explore the possibilities. Today, IBM announced that it's officially marrying up its cybersecurity portfolio with the vaunted Watson questioning answering system.

Known best for its performance as a "contestant" on the game show Jeopardy in 2011, Watson was engineered to ingest vast quantities of data on any given subject in order to receive and answer questions in a conversational fashion. A system specifically developed to tackle Jeopardy, this cognitive technology uses natural language processing and machine learning to sift through data sources, synthesize information contained within, find and rank hypotheses and come up with a precise answer to the user's questions.

In the ensuing six years since Watson's success in winning a $1 million first prize in Jeopardy against two human champions, IBM has not only refined Watson's engine but al so been on the look out for ideal business cases to put the technology to use. The firm has achieved early successes in medical decisioning technologies, tracking customer and social media sentiment, and analyzing satellite and municipal data to track water use for drought mitigation.

With the growing problem of alert fatigue and a shortage of skilled security analysts, the industry seemed like it was crying out for Watson's help. The idea is to pair security operations center (SOC) technologies with Watson's processing capabilities so that analysts can ask the system questions about their data and existing threat posture, and receive meaningful advice on further action.  

The announcement follows a year of learning for Watson, which for the past 12 months has been trained on the language of cybersecurity, ingesting over 1 million security documents in the process.

"We've been teaching it for basically about a year, and it’s learned a lot along the way and it’s got a lot smarter along the way. It can read a ton more than it ever could before," says Caleb Barlow, vice president of threat intelligence for IBM Security. "And now we're at the point where it’s kind of graduated college and it’s time to go get that first real job."

According to Barlow, IBM's intent is to take the strain off of teams who can't afford or find enough skilled operators to manage the volume of advanced threats that barrage enterprise networks. Not only will they be able to make faster decisions, but they should be able to do it with more complete data. For instance, he referenced one competition a customer created during beta where they pit a team of experienced analysts against a team of junior analysts armed with Watson. They were given a certain security incident and an hour to look into it. The skilled analysts were able to confirm that attackers were testing the  network with an attempt at brute force password attacks, but believed that nothing further had occurred. Meanwhile, the Watson team identified those attempts but also were able to connect it with a form of malware, and then identify that the malware was actually on the network tied to the same threat actor.

"So, as you can imagine, that’s a very exciting find for that security team," Barlow says, "because now they know exactly how to go to address it, and they know, 'Wait a minute, this isn’t somebody who’s knocking at the door, this entity’s actually already in the door; they're just trying to get more access.'"

The centerpiece of what IBM calls its Cognitive SOC paltform will be IBM QRadar Watson Advisor, which brings together Watson with its QRadar security intelligence platform. The natural language processing capabilities will sift through a variety of security sources, including security blogs, websites, research papers and combine that with threat intelligence and security data from users' QRadar systems.  IBM will also be bringing cognitive tools to its global X-Force Command Center network and has rolled out a Watson-powered chat bot for IBM Managed Security Services customers.  Additionally, the company has a new project codenamed Havyn, which plans to also add voice-activated capabilities so that analysts can query the system by speaking plain-language questions aloud.

Related Content:

 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
WyattR
50%
50%
WyattR,
User Rank: Apprentice
9/5/2017 | 7:55:00 AM
Thoughts on Watson
Very interesting. Watson was revolutionary when it won Jeopardy. I remember thinking, Wow this thing is going to only grow and become more advanced, and be able to help companies all over the world become way more efficient. Looks like now that is finally starting to take place, in security measures. Pretty cool stuff.
Security_Sifu
50%
50%
Security_Sifu,
User Rank: Apprentice
2/13/2017 | 5:43:15 PM
Watson focused on Information Security SOC Work
Very insteresting read.  I find many organizations utilizing "Big Data", "Neural Networks", and "Machine Learning" to be little more than signatures based on behaviors.  It will be interesting to see how this competes with Cylance in identifying positive and negative payloads.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...