IBM Security has announced the availability of Watson for Cyber Security, an augmented intelligence technology designed to power cognitive security operations centers (SOCs).
IBM says that over the past year, Watson has been trained on the language of cybersecurity, ingesting over 1 million security documents. This enables it to support security analysts in parsing thousands of natural language research reports that were previously inaccessible to modern security tools.
According to IBM research, security teams sift through more than 200,000 security events per day on average, resulting in more than 20,000 hours per year wasted chasing false positives. Introducing cognitive technologies into security operations centers will be critical to keeping up with the anticipated doubling of security incidents over the next five years and increased regulation globally.
Security analysts at IBM X-Force Command Center are using Watson to augment their investigations into cybersecurity incidents. The company debuted Watson for Cyber Security, tapping a corpus of over 1 million security documents, to bring cognitive capabilities into security operations centers. IBM analysts are also experimenting with a new Watson-powered virtual assistant which uses voice response technology to better manage cybersecurity events. (John Mottern/Feature Photo Service for IBM)
Watson for Cyber Security will now be integrated into IBM's new Cognitive SOC platform, bringing together advanced cognitive technologies with security operations and providing the ability to respond to threats across endpoints, networks, users and cloud. The centerpiece of this platform is IBM QRadar Advisor with Watson, the first tool that taps into Watson's corpus of cybersecurity insights. This new app is already being used by Avnet, University of New Brunswick, Sopra Steria and 40 other customers globally to augment security analysts' investigations into security incidents.
IBM has also invested in research to bring cognitive tools into its global X-Force Command Center network, including a Watson-powered chatbot currently being used to interact with IBM Managed Security Services customers.
IBM also revealed a new research project, code-named “Havyn,” a voice-powered security assistant that leverages Watson conversation technology to respond to verbal commands and natural language from security analysts.
IBM will also help clients design, build and manage cognitive security operations centers globally through IBM Managed Security Services.
IBM's global network of X-Force Command Centers is using IBM's cognitive capabilities like QRadar Advisor with Watson to enhance the investigation of security events. Another use case is a new research project code-named Havyn, which brings a voice to the cognitive SOC to create a voice-powered security assistant that can interact with security analysts on topics such as real-time threat updates and information on an organization's security posture.
The Havyn project uses Watson APIs, Bluemix and IBM Cloud to provide real-time responses to verbal requests and commands, accessing data from open source security intelligence, including IBM X-Force Exchange, as well as client-specific historic data and their security tools. For example, Havyn can provide security analysts with updates on new threats that have appeared and recommended remediation steps. Havyn is currently being tested by select researchers and analysts within IBM Managed Security Services.
Watson is also currently engaging with clients daily via a new chatbot tool deployed in IBM's X-Force Command Center network, which manages over 1 trillion security events per month. Clients can choose to ask Watson questions via instant messaging about their security posture or network configurations. For example, clients can ask Watson questions about a device or ticket status. The tool is also capable of executing commands from IBM MSS customers, such as reassigning a ticket to a new owner.
For more information on Watson for Cyber Security and the IBM Cognitive SOC, go to www-03.ibm.com/security/cognitive/