Security

IBM uses Watson to fill cybersecurity gaps

IBM's new Watson for Cyber Security, unveiled at RSA, can tap into more than 1 million security documents to help cybersecurity professionals more easily identify and mitigate potential threats.

462665.jpg

Security analysts at IBM X-Force Command Centers use Watson to augment their investigations into cybersecurity incidents.

Image: John Mottern/Feature Photo Service for IBM

IBM Watson has a new job: Cybersecurity specialist. At the RSA Conference on Monday, IBM announced the availability of Watson for Cyber Security, with the aim of assisting cybersecurity professionals with threat assessment and mitigation.

Watson for Cyber Security studied over 1 million security documents in the past year. The company said it is the industry's first augmented intelligence technology with the ability to power cognitive security operations centers (SOCs). "Watson can now help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools," according to a press release.

Enterprises are currently facing a great shortage of qualified cybersecurity professionals, according to several recent studies. Those that have been hired search through an average of more than 200,000 security events each day—spending more than 20,000 hours per year examining false positives, according to IBM research. Watson may be able to help fill the talent gap, and keep up with increasing security alerts and regulations.

IBM will integrate Watson for Cyber Security into its new Cognitive SOC platform through an app called the IBM QRadar Advisor with Watson. The app is the first available option for enterprise users who want to take advantage of Watson's new security capabilities. IBM QRadar uses Watson's natural language processing abilities to analyze information from security websites, blogs, and research papers, and pair it with security incident data and intel from QRadar. The service is meant to help cybersecurity professionals examine potential threats, and is expected to shorten investigations from weeks and days to minutes, IBM said.

SEE: Rise of the 'accidental' cybersecurity professional

Only 7% of security professionals use cognitive tools today, according to a recent IBM study. However, that number is expected to triple in the next two to three years. "The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next generation threats," said Denis Kennelly, vice president of development and technology, IBM Security, in the press release. "Our investments in Watson for Cyber Security have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime."

More than 40 companies, including Avnet, the University of New Brunswick, and Sopra Steria are currently using IBM QRadar Advisor with Watson, the release said. The Cognitive SOC platform also provides "the ability to respond to threats across endpoint, network, users and cloud," according to the release.

"Today's sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data," said Sean Valcamp, chief information security officer at Avnet, in the press release. "Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing it with the latest security attack intelligence to provide a more complete picture of the threat. Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team's ability to respond accordingly."

IBM also made several digital assistant announcements, including a Watson-powered chatbot for its Managed Security Services customers.

The company also unveiled a new research project, code named Havyn, which will eventually result in a voice-powered security assistant that uses Watson conversation technology to respond to verbal commands from security staffers. This way, the assistant can alert and interact with professionals about real-time threat updates and other information. Havyn will use Watson APIs, BlueMix, and IBM Cloud to access data from open source security intelligence and clients, and provide a real-time response to verbal commands. "For example, Havyn can provide security analysts with updates on new threats that have appeared and recommended remediation steps," the release stated.

The 3 big takeaways for TechRepublic readers

1. At the RSA Conference on Monday, IBM announced the availability of Watson for Cyber Security, which can use its knowledge of more than 1 million security documents to help cybersecurity professionals identify and mitigate threats.

2. The service may be able to help fill current enterprise gaps in cybersecurity, as many companies face a shortage of qualified professionals in the field.

3. IBM also announced a Watson-powered chatbot for its Managed Security Services customers, and a new security digital assistant research project.

Also see

About Alison DeNisco Rayome

Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.

Editor's Picks

Free Newsletters, In your Inbox