Over the past year, Watson has been trained on the language of cybersecurity, “reading” more than one million security documents. Watson can now help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools.
According to IBM research, security teams sift through more than 200,000 security events per day on average, wasting about 20,000 hours per year chasing false positives.
Watson for Cyber Security will be integrated into IBM’s new Cognitive SOC platform, bringing together advanced cognitive technologies with security operations to respond to threats across endpoints, networks, users and the cloud.
The centerpiece of this platform is IBM QRadar Advisor with Watson, the first tool that taps into Watson’s corpus of cybersecurity insights. This new app is already being used by Avnet, University of New Brunswick, Sopra Steria and 40 other customers globally to augment security analysts’ investigations into security incidents.
IBM has also invested in research to bring cognitive tools into its global X-Force Command Center network, including a Watson-powered chatbot currently being used to interact with IBM Managed Security Services customers. IBM also revealed a new research project, code-named Havyn, pioneering a voice-powered security assistant that leverages Watson conversation technology to respond to verbal commands and natural language from security analysts.
“Today’s sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data,” said Sean Valcamp, Chief Information Security Officer at Avnet. “Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team’s ability to respond accordingly.”
As security teams evolve their strategies and tactics to thwart cybercriminals, the introduction of cognitive technologies into today’s security operations centers will be critical to keep pace. A recent IBM study found that only seven percent of security professionals are using cognitive tools today, but that usage is expected to triple over the next few years.