RSA 2017 is happening this week and one day into the conference, IBM made huge
security announcements that will change the future of cybersecurity and the effectiveness of addressing threats and vulnerabilites.
Not only did IBM Security announce their newest product launch, IBM QRadar® Advisor with Watson™, they announced Watson’s capabilities in security operations centers (SOCs), and the Jarvis-like Havyn.
An industry first: Cognitive SOCs
“IBM is delivering a platform that brings cognitive technologies into the security operations center (SOC). These tools enhance analysts’ ability to fill gaps in intelligence and act with speed and accuracy. In fact, the IBM Cognitive SOC platform is the industry’s only security operations and response platform integrating advanced cognitive technologies with the ability to respond across the cloud, networks, endpoints and users.” – Vijay Dheap, securityintelligence.com
Why use a cognitive platform for security?
The problem with cybersecurity today is that there are so many vulnerabilities that go undetected, either because programs are not catching the threats or because those who are responsible for addressing threats are inundated with requests and simply don’t have the time or overhead to follow through on offenses.
How does it work?
With Watson, its real-time learning capabilities allow it to derive new knowledge and discover hidden relationships to investigate security threats and then advises security analysts on the nature and extent of the incident. In sum, you’re getting quicker results without having to sacrifice time and manpower.
- Read the blog post “Investigating Threats with Watson for Cyber Security“
- Official press release: IBM brings Watson cognitive computing to security operations centers
- Read the blog post “Bringing the Power of Watson and Cognitive Computing to the Security Operations Center”
- Learn more about IBM’s Cognitive SOC now
IBM QRadar Advisor with Watson
What does Watson do in this role?
A new cognitive app that is available on the QRadar platform, Watson will tap into both structured and unstructured data. Using this knowledge, Watson then advises customers on current existing threats and their relationships to original threat entities.
“The app enables a security analyst to send a security offense to Watson to perform threat discovery, using its knowledge base of hundreds of thousands of unstructured and structured data sources and mapping that back to threat entities related to the original security offense, such as malicious files, suspicious IP addresses, rogue entities, and the relationships between them. This is particularly valuable in determining whether or not a security offense is associated with a known malware campaign. If so, Watson provides background on the malware employed, vulnerabilities exploited, and scope of the threat (including additional impacted endpoints), among other insights.” -IBM Security
- Visit IBM’s QRadar Advisor with Watson for more information and to sign up for the free webinar on Feb. 28, 2017
- Read the blog post “IBM QRadar Advisor with Watson: Revolutionizing the Way Security Analysts Work”
Talk to Watson for Security with Havyn
IBM master inventor, Michael Spisak, revealed Havyn at RSA. This was a project that came about when Spisak’s son inquired as to why he couldn’t speak to a Watson-based chatbot, Havyn was born.
“Now, all of a sudden, we were able to ask questions about cybersecurity and get answers,” says Spisak.”
Currently Havyn is not available to the public, but when it is you can bet Watson will have a lot to say when it comes to cybersecurity.
What are your thoughts on IBM’s announcements at RSA?
Are you at RSA? What seminars are you most excited about? Tweet me @dWSecurity and let me know!