Dark Reading is part of the Informa Tech Division of Informa PLC


Threat Intelligence

2/13/2017
02:00 PM

IBM Brings Watson Cognitive Computing To The SOC

Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.

IBM hopes to elevate artificial intelligence and cognitive computing well beyond party tricks and game-show supremacy, and as part of that push Big Blue has picked cybersecurity as a prime market to explore the possibilities. Today, IBM announced that it is officially marrying its cybersecurity portfolio to the vaunted Watson question-answering system.

Known best for its performance as a "contestant" on the game show Jeopardy in 2011, Watson was engineered to ingest vast quantities of data on a given subject and then take and answer questions in a conversational fashion. Originally developed specifically to tackle Jeopardy, the cognitive technology uses natural language processing and machine learning to sift through data sources, synthesize the information they contain, generate and rank hypotheses, and arrive at a precise answer to the user's question.

In the six years since Watson won the $1 million first prize on Jeopardy against two human champions, IBM has not only refined Watson's engine but also been on the lookout for business cases in which to put the technology to use. The firm has had early successes in medical decision-support technologies, tracking customer and social-media sentiment, and analyzing satellite and municipal data to track water use for drought mitigation.

With the growing problem of alert fatigue and a shortage of skilled security analysts, the industry seemed to be crying out for Watson's help. The idea is to pair security operations center (SOC) technologies with Watson's processing capabilities so that analysts can ask the system questions about their data and current threat posture, and receive meaningful advice on further action.

The announcement follows a year of training in which Watson was taught the language of cybersecurity, ingesting more than 1 million security documents in the process.

"We've been teaching it for basically about a year, and it’s learned a lot along the way and it’s got a lot smarter along the way. It can read a ton more than it ever could before," says Caleb Barlow, vice president of threat intelligence for IBM Security. "And now we're at the point where it’s kind of graduated college and it’s time to go get that first real job."

According to Barlow, IBM's intent is to take the strain off teams that can't afford or find enough skilled operators to manage the volume of advanced threats barraging enterprise networks. Not only should those teams be able to make faster decisions, but they should be able to make them with more complete data. As an illustration, he cited a competition one customer ran during the beta, pitting a team of experienced analysts against a team of junior analysts armed with Watson. Both teams were given the same security incident and an hour to investigate it. The skilled analysts confirmed that attackers were probing the network with brute-force password attempts, but concluded that nothing further had occurred. The Watson-assisted team identified those same attempts, but also connected them with a family of malware, and then determined that the malware was actually present on the network and tied to the same threat actor.

"So, as you can imagine, that’s a very exciting find for that security team," Barlow says, "because now they know exactly how to go to address it, and they know, 'Wait a minute, this isn’t somebody who’s knocking at the door, this entity’s actually already in the door; they're just trying to get more access.'"
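The pivot that anecdote describes (brute-force alerts, attributed to an actor, then a search for that actor's other indicators already on the network) is something a SOC can script without any cognitive engine. The following is an added example written for this page; it is not code from IBM, QRadar or Watson. The sshd lines, endpoint events, the "ACTOR-X" label and the threat-intel entries are all constructed for illustration, and the 64-character hash strings are placeholders, not real malware hashes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: sshd lines in a syslog-like form (not real data).
AUTH_LOG = """\
2017-02-10T09:00:01 sshd[2011]: Failed password for admin from 203.0.113.7 port 51022 ssh2
2017-02-10T09:00:03 sshd[2012]: Failed password for root from 203.0.113.7 port 51023 ssh2
2017-02-10T09:00:05 sshd[2013]: Failed password for admin from 203.0.113.7 port 51024 ssh2
2017-02-10T09:00:06 sshd[2014]: Failed password for oracle from 203.0.113.7 port 51025 ssh2
2017-02-10T09:00:08 sshd[2015]: Failed password for admin from 203.0.113.7 port 51026 ssh2
2017-02-10T09:14:40 sshd[2090]: Failed password for jsmith from 198.51.100.23 port 40010 ssh2
2017-02-10T09:31:12 sshd[2101]: Accepted password for svc_backup from 203.0.113.7 port 51101 ssh2
"""

# Constructed endpoint telemetry: process images seen on hosts, with placeholder SHA-256 values.
ENDPOINT_EVENTS = [
    {"host": "fs01", "ts": "2017-02-10T09:33:02", "image": "/tmp/.x/updater", "sha256": "a" * 64},
    {"host": "web02", "ts": "2017-02-10T09:40:11", "image": "/usr/bin/rsync", "sha256": "b" * 64},
]

# Constructed threat intel: indicators and the (hypothetical) actor each is attributed to.
THREAT_INTEL = [
    {"indicator": "203.0.113.7", "kind": "ip", "actor": "ACTOR-X"},
    {"indicator": "a" * 64, "kind": "sha256", "actor": "ACTOR-X"},
    {"indicator": "c" * 64, "kind": "sha256", "actor": "ACTOR-Y"},
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn raw sshd lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def find_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failed logins inside a sliding time window."""
    failures = defaultdict(list)
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])
    hits = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[src] = end - start + 1
                break
    return hits


def actor_for(indicator, intel):
    """Look an indicator up in the intel feed and return the attributed actor, if any."""
    for entry in intel:
        if entry["indicator"] == indicator:
            return entry["actor"]
    return None


def triage(auth_log, endpoint_events, intel):
    """Brute force -> actor attribution -> the actor's other indicators on the network."""
    events = parse_auth_log(auth_log)
    findings = []
    for src, count in find_brute_force(events).items():
        actor = actor_for(src, intel)
        # Did the brute-forcing source ever get in? (the "already in the door" check)
        successes = [ev for ev in events if ev["src"] == src and ev["result"] == "Accepted"]
        # Is anything else attributed to the same actor already running on a host?
        actor_hashes = {e["indicator"] for e in intel if e["kind"] == "sha256" and e["actor"] == actor}
        related = [ev for ev in endpoint_events if ev["sha256"] in actor_hashes]
        verdict = "intrusion" if successes or related else "probing"
        findings.append({
            "src": src, "failed_logins": count, "actor": actor,
            "accepted_logins": [ev["user"] for ev in successes],
            "related_malware": [(ev["host"], ev["image"]) for ev in related],
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(AUTH_LOG, ENDPOINT_EVENTS, THREAT_INTEL):
        print(finding)
```

Stopping at `find_brute_force` gives the experienced team's answer ("somebody is knocking at the door"); the attribution step and the search for the actor's other indicators are what turn the same alert into an intrusion finding. The useful part of the correlation is the intel feed's actor attribution, so the quality of that feed bounds the quality of the verdict.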

The centerpiece of what IBM calls its Cognitive SOC platform will be IBM QRadar Watson Advisor, which brings Watson together with the QRadar security intelligence platform. Its natural language processing capabilities will sift through a variety of security sources, including security blogs, websites and research papers, and combine that with threat intelligence and security data from users' QRadar systems. IBM will also bring cognitive tools to its global X-Force Command Center network, and has rolled out a Watson-powered chat bot for IBM Managed Security Services customers. Additionally, the company has a new project codenamed Havyn, which aims to add voice-activated capabilities so that analysts can query the system by speaking plain-language questions aloud.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
WyattR, User Rank: Apprentice, 9/5/2017 7:55:00 AM
Thoughts on Watson
Very interesting. Watson was revolutionary when it won Jeopardy. I remember thinking, Wow this thing is going to only grow and become more advanced, and be able to help companies all over the world become way more efficient. Looks like now that is finally starting to take place, in security measures. Pretty cool stuff.
Security_Sifu, User Rank: Apprentice, 2/13/2017 5:43:15 PM
Watson focused on Information Security SOC Work
Very interesting read. I find many organizations utilizing "Big Data", "Neural Networks", and "Machine Learning" to be little more than signatures based on behaviors. It will be interesting to see how this competes with Cylance in identifying positive and negative payloads.