Light Dark
August 14, 2017 By Rohan Ramesh 3 min read
Artificial Intelligence
Intelligence & Analytics

Malware is a major cause of cyberattacks today, with fraudsters using targeted spear phishing emails and social engineering to distribute malicious files to unsuspecting employees at various organizations. To make matters worse, malware has evolved to avoid detection by traditional security tools and systems.

Take the CozyDuke malware campaign as an example. Attackers used spear phishing to distribute Flash videos that installed the CozyDuke executable when played on a victim’s computer. Due to the viral nature of the content, these videos got passed around between colleagues and helped spread the malware rapidly.

Given the sophistication of such malware, security analysts need to identify infected endpoints by investigating indicators and incidents that are flagged by security information and event management (SIEM) systems that monitor activity and suspicious behavior on the network. Analysts are often overwhelmed with the amount of data they need to consume to accurately investigate whether these incidents are truly malicious and, if so, determine the necessary remediation actions.

Watch the on-demand Webinar: 5 Building Blocks for a SOC That Rocks

A Trusted Sidekick for Security

We’ve all read about the famous fictional detective Sherlock Holmes and his sidekick, Watson. Sherlock has an uncanny ability to get the right information to make connections between evidence he sees and the suspect involved in the crime. Today’s security analysts have the cognitive advantage of IBM Watson for Cyber Security to help them make similar connections while investigating cyberthreats such as the CozyDuke malware.

Let’s take an example of a malware attack. IBM QRadar chains together multiple events, such as a potentially successful exploit containing an informational email message and a suspicious file download. It then compiles an offense and generates an alert in the QRadar offense dashboard.

With traditional tools, an analyst would have to take the observables in the offense and perform further threat research to qualify the incident and identify the root cause of the attack. In the process of investigating the incident, the analyst would have to access multiple threat feeds, perform basic search queries, talk to peers and superiors, and read through security bulletins to gather more information on the incident.

On average, analysts investigate 10 to 20 incidents per day. They need to keep abreast of the latest threat information as well as historical threat data to aid their investigations. This can quickly become overwhelming and cause inaccuracies to creep in.

The Power of Cognitive Security

Instead of manually investigating incidents, analysts can now harness the cognitive security capabilities of IBM QRadar Advisor and Watson for Cyber Security to perform investigations and report findings. Watson goes beyond just understanding types of malware and threat entities. It not only identifies the various threat entities, but also finds the relationship between these entities and how they interact within your environment, backed up by supporting evidence in the form of structured threat feeds and unstructured data such as security blogs, bulletins and research reports. With Watson for Cyber Security, analysts have access to millions of security documents to extract the intelligence needed to accurately identify and understand threats within minutes.

In this example, Watson identifies a known threat actor — CozyDuke — and 13 additional observables that were not part of the original offense. It also provides the complete context of all the threat entities involved in the attack and the relationships between them in the form of a knowledge graph. Analysts can explore this graph to understand the full scope of the attack and take appropriate actions for incident response.

Learn More

Who needs Sherlock Holmes when you can have your very own cognitive security sidekick to aid you in your investigations of cyberthreats? Learn more about IBM QRadar Advisor with Watson and take advantage of a free 30-day trial.

Watch the on-demand Webinar: 5 Building Blocks for a SOC That Rocks

 |  |  |  |  | 
Rohan Ramesh
Senior Product Manager

More from Artificial Intelligence
April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 10, 2024

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature