Picture this: You are the leader of a security operations center (SOC) and yet another major ransomware attack is making headlines. Within minutes of the news breaking, you receive questions about your company’s exposure to this ransomware. You’ve implemented your incident response plan and you’ve woken your team members from their beds.
Your team is overwhelmed, working tirelessly to analyze the fallout from WannaCry, Petya and other recent high-profile attacks. You’ve also been dealing with compliance audits, investigating insider threats, moving between data centers and bringing staff members up to speed — all essential activities for any security team leader.
Closing the Skills Gap With Cognitive Security
Cognitive security tools can help analysts juggle these responsibilities. New tools are reaching the market at an increasing rate, some of which are already integrated with your current security information and event management (SIEM) system and SOC infrastructure. The SOC has been generating huge amounts of data for various initiatives, such as compliance efforts, performance data and more. It also generates lots of noise and false positives. Meanwhile, the new analysts you’ve hired are struggling to come up to speed, and your established rock stars are busy fighting fires.
SOC team leaders need reliable solutions to help them cope with this skills gap. It’s time to invest in cognitive tools to ring-fence the firefighters and tune the system to reduce false positives. When determining which solutions to invest in, look for products that are simple, efficient and compatible with existing infrastructure. It’s also worth considering whether these tools can be tested at a responsible speed.
Augmenting Human Intelligence With Automated Insights
There are solutions that deliver on all these features and more. The centerpiece of IBM’s new Cognitive SOC is QRadar Advisor with Watson. It combines IBM QRadar, the industry’s leading security analytics platform, with the cognitive capabilities of Watson for Cyber Security to automatically investigate and qualify security incidents. It also integrates with most SIEM tools using a wizard-based solution. Most importantly, it enables analysts to stop fighting fires and focus on strategies to proactively protect the network from ransomware and other threats.
The cybersecurity skills gap is no match for Watson. Cognitive security augments those inexperienced new hires by uncovering hidden threats and automating insights. With this collective knowledge at their fingertips, your analysts can respond to threats with unprecedented speed and accuracy, and your rock stars have more time to improve your platform — and maybe get some much-needed shut-eye.
DevOps Manager, IBM
Cathal O'Donovan is a contributor for SecurityIntelligence.