For the past year, IBM has been investing in cognitive security, with much of this effort centered around an initiative to train Watson on the language of cybersecurity. The company has now taken the next step by launching the first commercially available technology leveraging Watson for cybersecurity.
The need for cognitive tools (including AI) in the security operations center has never been more acute. Security teams around the world are wasting over 20,000 hours per year chasing false positives, dealing with an average of 200,000 security events per day, according to IBM stats. Couple this with the fact that security teams can’t fill open positions, and augmenting the capabilities of analysts has become a priority.
In beta, Watson for Cyber Security has ingested over 1 million security documents since May and has been tested with over 40 clients, including Avnet, Sun Life Financial and the University of New Brunswick.
Now, IBM has integrated it into its new Cognitive SOC platform for the future security operations center, including new Watson-powered tools for investigating security events and new services for building these SOCs. These include a Watson-powered chatbot currently being used to interact with IBM Managed Security Services customers.
The centerpiece of this platform is IBM QRadar Advisor with Watson, the first tool that taps into Watson’s corpus of cybersecurity insights.
IBM also revealed a new research project, code-named Havyn, pioneering a voice-powered security assistant that leverages Watson conversation technology to respond to verbal commands and natural language from security analysts.
"Today's sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data," said Sean Valcamp, CISO at Avnet. "Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team's ability to respond accordingly."