IBM’s Watson brings AI cybercrime fighting tools to security operations centers


IBM Corp.’s long-held ambition to fight cybercrime has come to fruition as it announced the general availability of its Watson for Cyber Security platform.

The platform, announced in May 2016 and launched in a beta test phase in December, has been designed to discover behavior patterns and evidence of hidden cyber attacks and threats that could otherwise be missed by existing security platforms. Utilizing Watson’s ability to reason and learn from unstructured data, the company said, the platform can analyze the 80 percent of all data on the Internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts and other information.

According to IBM, Watson has now been trained on the language of cybersecurity by ingesting more than a million security documents. That allows it to assist security analysts in parsing thousands of natural-language research reports that have never before been accessible to modern security tools. That in turn, IBM said, makes it the industry’s first augmented intelligence technology with the ability to power cognitive security operations centers, or SOCs.

Watson for Cyber Security is being integrated into IBM’s new Cognitive SOC platform, which brings together machine learning technologies with security operations to allow users to respond to threats across endpoints, networks, users and the cloud. Included in the package are a number of tools to assist security analysts, including IBM QRadar Advisor with Watson, a new app that allows users to tap into Watson’s insights, as well as a Watson chatbot that lets users ask natural-language questions.

IBM claims that only 7 percent of security professionals use cognitive tools today, but it expects the number to triple in the next two to three years. That’s the market IBM hopes to capture with the new platform.

“Currently, most security teams are hampered by manual processes and detection technologies that don’t provide adequate context for response,” Forrester Research Inc. analyst Joseph Blankenship told SiliconANGLE. “Bringing technologies like security analytics, cognitive capabilities, and automation together promises to increase the efficiency of security operations, speeding reaction times and reducing the impact of cyberattacks. If Watson accurately learns the language and nuance of cybersecurity, it could become an intelligent resource for security teams, giving them an advantage against the attackers targeting them.”

Ultimately it all comes down to advanced threat detection. Denis Kennelly, IBM Security’s vice president of development and technology, said that with SOCs looking to find an advantage against legions of cybercriminals, combining the unique abilities of human and machine intelligence will be critical to the next stage of the battle.
