Light Dark
August 14, 2017 By Rohan Ramesh 3 min read
Artificial Intelligence
Intelligence & Analytics

Malware is a major cause of cyberattacks today, with fraudsters using targeted spear phishing emails and social engineering to distribute malicious files to unsuspecting employees at various organizations. To make matters worse, malware has evolved to avoid detection by traditional security tools and systems.

Take the CozyDuke malware campaign as an example. Attackers used spear phishing to distribute Flash videos that installed the CozyDuke executable when played on a victim’s computer. Due to the viral nature of the content, these videos got passed around between colleagues and helped spread the malware rapidly.

Given the sophistication of such malware, security analysts need to identify infected endpoints by investigating indicators and incidents that are flagged by security information and event management (SIEM) systems that monitor activity and suspicious behavior on the network. Analysts are often overwhelmed with the amount of data they need to consume to accurately investigate whether these incidents are truly malicious and, if so, determine the necessary remediation actions.

Watch the on-demand Webinar: 5 Building Blocks for a SOC That Rocks

A Trusted Sidekick for Security

We’ve all read about the famous fictional detective Sherlock Holmes and his sidekick, Watson. Sherlock has an uncanny ability to get the right information to make connections between evidence he sees and the suspect involved in the crime. Today’s security analysts have the cognitive advantage of IBM Watson for Cyber Security to help them make similar connections while investigating cyberthreats such as the CozyDuke malware.

Let’s take an example of a malware attack. IBM QRadar chains together multiple events, such as a potentially successful exploit containing an informational email message and a suspicious file download. It then compiles an offense and generates an alert in the QRadar offense dashboard.

With traditional tools, an analyst would have to take the observables in the offense and perform further threat research to qualify the incident and identify the root cause of the attack. In the process of investigating the incident, the analyst would have to access multiple threat feeds, perform basic search queries, talk to peers and superiors, and read through security bulletins to gather more information on the incident.

On average, analysts investigate 10 to 20 incidents per day. They need to keep abreast of the latest threat information as well as historical threat data to aid their investigations. This can quickly become overwhelming and cause inaccuracies to creep in.

The Power of Cognitive Security

Instead of manually investigating incidents, analysts can now harness the cognitive security capabilities of IBM QRadar Advisor and Watson for Cyber Security to perform investigations and report findings. Watson goes beyond just understanding types of malware and threat entities. It not only identifies the various threat entities, but also finds the relationship between these entities and how they interact within your environment, backed up by supporting evidence in the form of structured threat feeds and unstructured data such as security blogs, bulletins and research reports. With Watson for Cyber Security, analysts have access to millions of security documents to extract the intelligence needed to accurately identify and understand threats within minutes.

In this example, Watson identifies a known threat actor — CozyDuke — and 13 additional observables that were not part of the original offense. It also provides the complete context of all the threat entities involved in the attack and the relationships between them in the form of a knowledge graph. Analysts can explore this graph to understand the full scope of the attack and take appropriate actions for incident response.

Learn More

Who needs Sherlock Holmes when you can have your very own cognitive security sidekick to aid you in your investigations of cyberthreats? Learn more about IBM QRadar Advisor with Watson and take advantage of a free 30-day trial.

Watch the on-demand Webinar: 5 Building Blocks for a SOC That Rocks

 |  |  |  |  | 
Rohan Ramesh
Senior Product Manager

More from Artificial Intelligence
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 12, 2024

Security roundup: Top AI stories in 2024

3 min read - 2024 has been a banner year for artificial intelligence (AI). As enterprises ramp up adoption, however, malicious actors have been exploring new ways to compromise systems with intelligent attacks.With the AI landscape rapidly evolving, it's worth looking back before moving forward. Here are our top five AI security stories for 2024.Can you hear me now? Hackers hijack audio with AIAttackers can fake entire conversations using large language models (LLMs), voice cloning and speech-to-text software. This method is relatively easy to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature