November 2, 2016 By Suzy Deffeyes

Last week was really exciting, thanks to the energizing atmosphere at the World of Watson 2016 conference. I spent the week talking to customers about how we are integrating Watson for Cyber Security into QRadar and demoing QRadar’s User Behavior Analytics application. As an architect, I always like finding new use cases that customers are interested in, and I found several at World of Watson.

AI: Augmented Intelligence

One of the messages from WoW is that Watson is not artificial intelligence — it’s more accurately described as augmented intelligence. We aren’t trying to replace humans — and that is especially true in the security space.

We aren’t trying to replace security analysts who study threats in their environments and on their networks. We are simply trying to make a very challenging job easier by helping analysts find the needles in haystacks of data and prioritize threats more effectively.

The initial integration of Watson for Cyber Security with IBM QRadar is designed to help security operations center (SOC) analysts study security anomalies more thoroughly and with greater velocity. I demoed this integration during the security keynote at the event.

Training Watson

We’ve been training Watson to understand the language of security. To do this, we created a security-specific machine learning model loosely based on Structured Threat Information Expression (STIX) and Cyber Observable Expression (CybOX) constructs. This allows Watson to pull in and utilize vast amounts of the human-created content written about security. A human analyst cannot possibly read and understand hundreds of published pages of threat information every day; there simply aren’t enough hours.

Watson helps by pulling in security blogs, threat research and other natural-language text written about emerging threats and comprehending it from a security point of view. The system understands which URLs in a threat research document are indicators of compromise (IoCs) and places them in a negative context. Watson also understands which URLs in the threat research documents represent a course of action, or remediation, for a threat. These are viewed in a positive context.

In addition, Watson has to be able to understand what type of malware a given article is about. Without a security-specific model, for instance, Watson thinks that poison ivy is a skin rash. In the security realm, however, Poison Ivy is actually a type of remote access Trojan (RAT) used to control a compromised computer.

Enriched Analysis

Watson for Cyber Security also makes use of traditional, structured threat data. For instance, we pull in curated threat intelligence from IBM’s X-Force research team and use this traditional data to build a large IBM Graph to show relationships between entities.

These large knowledge graphs of structured and unstructured data help enrich the analysis of offenses. Watson for Cyber Security will be able to use cognitive reasoning algorithms to conduct toxicity analyses on relationships in the knowledge graphs, helping analysts know what to focus on.

World of Watson Offers a Broad View on Cognitive

For me, the week at World of Watson was eye-opening because it gave me a broader view on cognitive technology outside my focus on security. There were lots of cognitive Internet of Things (IoT) demos — quadcopters, cars, robots and more. IBM’s top technologists presented on all cognitive-related topics, including sentiment analysis of natural language, computer vision applications and machine learning used to train Watson to understand a new domain.

It was great to see the plethora of solutions the IBM Analytics team offered that fit naturally with cognitive. My inner geek was certainly well-fed. I’m now looking forward to all the exciting ways I’ll be able to apply cognitive technologies in the realm of security.
