IBM's Watson turns hand to security with Watson for Cyber Security

IBM pushes in-house artificial intelligence technology for cognitive security operations centres

IBM has announced the availability of Watson for Cyber Security after, it claims, spending more than a year training its in-house artificial intelligence technology to recognise potentially dangerous threats.

The company claims that Watson for Cyber Security has been "trained on the language of cyber security", ingesting more than one million security documents in order to help security analysts comprehend the information they need to do their work every day.

Watson for Cyber Security will be integrated into IBM's new Cognitive SOC [security operations centre] platform. The platform will combine cognitive understanding with an ability to read and respond to threats across endpoints such as PCs, networks, users and even software running in the cloud.

The key element, claims IBM, is IBM QRadar Advisor with Watson, which taps Watson's database of security knowledge and correlates that with threats being churned out from the platform. Early adopters include Avnet, Sopra Steria and the University of New Brunswick.

"Today's sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data," said Sean Valcamp, chief information security officer at Avnet.

He continued: "Watson makes concealment efforts more difficult by quickly analysing multiple streams of data and comparing them with the latest security attack intelligence to provide a more complete picture of the threat.

"Watson also generates reports on these threats in a matter of minutes, which greatly speeds the time between detecting a potential event and my security team's ability to respond accordingly."

Like Dynatrace just last week, IBM is also planning to introduce a voice-powered assistant, called Havyn, that will respond to verbal commands and natural language queries from security analysts.

The Havyn project connects to Watson APIs, and uses Bluemix and IBM Cloud to provide real-time response to verbal requests and commands, accessing data from open-source security intelligence, including IBM X-Force Exchange, as well as client-specific historic data and their security tools.

Cognitive computing tools - artificial intelligence or quasi-AI that can provide an interpretation layer, and correlate threats against databases of information, including security blogs, specialist websites, research papers and other sources - are relatively new in security.

According to IBM, only seven per cent of security pros use cognitive tools today, but that number will triple in just two or three years.

To extend Cognitive SOC to endpoints, IBM Security has also announced a new endpoint detection and response (EDR) solution, called IBM BigFix Detect. This is intended to help organisations gain greater visibility into the constantly changing endpoint threat landscape, while bridging the gap between malicious behaviour detection and remediation.