February 15, 2017
Watson for SOC is here! During this week's RSA Security conference in San Francisco, IBM announced the availability of Watson for Cyber Security, powering cognitive Security Operations Centers (SOCs). On the surface it is a new announcement like thousands of others in the technology field, marking the adoption of an innovation and just another milestone in the spiral of evolution…
But many people consider this more than a simple announcement… Bringing the power of Watson and Cognitive Computing to the Security Operations Center opens a new era in the cyber security solutions industry: a cognitive security era. Let’s see what exactly is behind this simple integration announcement. Over the past year, Watson has been trained. To properly learn the language of cybersecurity, Watson ingested more than 1 million security documents in the last year. Based on this body of knowledge, Watson now helps security analysts research thousands of natural language reports. No modern security tool could do this before…
Even if you know something about it, you could never imagine the real dimension of the cyber security fight. The dark reality is that 80% of the world's unstructured data was invisible to traditional security monitoring systems. According to IBM research, more than 10,000 security research papers, 180,000 articles and 720,000 security blogs are released each year, with no possibility of a central repository or coherent analysis. As a result, most of this data remains unknown and unusable for worldwide cyber security defence.
From now on, data security professionals can quickly access, analyse and interpret all of this 80% of submerged unstructured data “created by humans, for humans” and integrate it with structured data provided by thousands of sources. Watson for Cyber Security is integrated with cognitive technologies, allowing the new Cognitive SOC platform to analyse and flag threats coming from endpoints, networks, users and the cloud.
Cognitive security solutions are based on frontier technologies such as machine learning and natural language processing, which try to reproduce the functions and mechanisms of the human brain. Using Watson, a security researcher can quickly analyse multiple streams of data and compare them with the latest security attacks, providing a more intelligent picture of the threat and generating real-time reports on potential events detected.
The core engine of the Watson for Cognitive SOC platform is IBM QRadar Advisor with Watson, a new application tested by more than 40 partners and clients worldwide to augment analysts’ investigations into cyber security incidents. The IBM QRadar Advisor with Watson app enhances security analysts’ cognitive capabilities in their investigations and remediation through IBM’s QRadar security intelligence platform. The solution helps detect possible threats by applying Watson’s natural language processing capabilities across security research works, websites and blog pages, and thousands of other sources. This could reduce cyber security investigations from weeks or days to minutes.
According to the IBM Institute research “Cyber security in the Cognitive Era”, only 7% of security professionals use cognitive tools today… The IBM Cognitive SOC platform brings cognitive methodologies to the security analyst’s desktop, enhancing their ability to proactively fill security knowledge gaps and to act with speed and efficiency.
Driven by the dramatic growth in security incidents, IBM has also invested in research to bring cognitive tools into its global X-Force Command Center network, including a Watson-powered chatbot currently used in interactions with IBM Managed Security Services customers. This new communication and collaboration tool can manage over 1 trillion security events per month. Using instant messaging, clients can ask Watson questions about their security status or network configuration.
IBM’s global network of X-Force Command Centers uses IBM’s cognitive capabilities, such as QRadar Advisor with Watson, to enhance the investigation of security events. Over the past five years, IBM has built over 300 security operations centres for clients in all strategic industries. As part of the IBM X-Force Command Center network, any company can choose to have its IBM Cognitive SOC on-premise or via the IBM Cloud.
IBM also announced a new research project, code-named Havyn, whose goal is to create a voice-powered security assistant that can interact with security analysts on topics such as real-time threat updates and information on an organisation’s security issues. The Havyn project integrates Watson APIs, BlueMix and IBM Cloud to provide real-time responses to verbal requests and commands. Havyn accesses data from open source security intelligence, including IBM X-Force Exchange, and also draws on client-specific historical data and clients' security tools. Havyn is currently being tested by select researchers and analysts within IBM Managed Security Services.