IBM Watson to Now Forbid Cyberattacks with Power Cognitive Security Operations Centers

IBM Security gives the power of augmented intelligence technology with power of cognitive security operations centers

IBM Security announces the industry’s first augmented intelligence technology designed to power cognitive security operations centers (SOCs). The New Watson is known to been trained on the language of cybersecurity, ingesting over 1 million security documents.

Watson can now help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools.

Watson for Cyber Security will be integrated into IBM’s new Cognitive SOC platform, bringing together advanced cognitive technologies with security operations and providing the ability to respond to threats across endpoints, networks, users and cloud. The centerpiece of this platform is IBM QRadar Advisor with Watson, the first tool that taps into Watson’s corpus of cybersecurity insights. This new app is already being used by Avnet, University of New Brunswick, Sopra Steria and 40 other customers globally to augment security analysts’ investigations into security incidents.

IBM has also asserted its investment in research to bring cognitive tools into its global X-Force Command Center network, including a Watson-powered chatbot currently being used to interact with IBM Managed Security Services customers. IBM also revealed a new research project, code-named Havyn, pioneering a voice-powered security assistant that leverages Watson conversation technology to respond to verbal commands and natural language from security analysts.

“Today’s sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data,” said Sean Valcamp, Chief Information Security Officer at Avnet. “Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team’s ability to respond accordingly.”

The IBM Cognitive SOC platform puts cognitive technologies into security analyst hands, enhancing security team ability to fill gaps in intelligence and act with speed and accuracy.

The IBM QRadar Advisor with Watson app brings cognitive capabilities to aid security analysts in their investigations and remediation through IBM’s QRadar security intelligence platform.

The solution assists in the investigation of potential threats by correlating Watson’s natural language processing capabilities across security blogs, websites, research papers along with other sources, with threat intel and security incident data from QRadar, which can shorten cyber security investigations from weeks and days, to minutes.

“The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next generation threats,” said Denis Kennelly, Vice President of Development and Technology, IBM Security. “Our investments in Watson for Cyber Security have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime.”

To extend the ability of the Cognitive SOC to endpoints, IBM Security also is announcing a new endpoint detection and response (EDR) solution called IBM BigFix Detect. The solution helps organizations gain full visibility into the constantly changing endpoint threat landscape while bridging the gap between malicious behavior detection and remediation. BigFix Detect is making EDR accessible and actionable, providing security analysts with the ability to see, understand and act on threats across their endpoints through a single platform, and delivers targeted remediation on impacted endpoints enterprise-wide in minutes.

When paired with the orchestration and automation capabilities of IBM Resilient’s Incident Response Platform (IRP), clients can turn cognitive SOC insight into action across enrichment, remediation, and mitigation functions. The IBM Cognitive SOC also brings together other technologies from IBM Security including i2 for cyber threat hunting and IBM X-Force Exchange.

IBM will also help clients design, build and manage cognitive security operations centers globally through IBM Managed Security Services. Clients can choose to have IBM build their cognitive SOC on-premise or manage it virtually via the IBM Cloud as part of the IBM X-Force Command Center network.

Watson is also currently engaging with clients daily via a new chatbot tool deployed in IBM’s X-Force Command Center network, which manages over 1 trillion security events per month. Clients can choose to ask Watson questions via instant messaging about their security posture or network configurations.