IBM Powers Cognitive Security Operations With Watson

After months of training, IBM's Watson for Cyber Security platform is now ready for the market and will help to enable a new generation of Cognitive Security Operations Centers.

IBM announced a series of new cognitive computing-powered cyber-security products and services on Feb. 13, including the general availability of Watson for Cyber Security.

IBM has been training its Watson cognitive computing platform to understand cyber-security since May 2016 and had a beta launch in December.

"Watson has been on a journey to learn the language of cyber-security; it has gone through its internship, and now it's ready to go to work," Caleb Barlow, vice president of threat intelligence for IBM Security, told eWEEK.

Watson is able to find potential security risks in minutes, thanks to its ability to parse through large volumes of unstructured data rapidly, according to Barlow. The Watson for Cyber Security technology will now help to enable IBM's new Cognitive Security Operations Center (SOC) platform.

Among the services that are part of the IBM SOC platform is the QRadar Advisor with Watson offering, which uses Watson to help understand data that comes from the QRadar Security Information and Event Management (SIEM) platform. Barlow explained that when QRadar detects a potential security incident, the Watson for Cyber Security platform can do a rapid analysis.

"Watson is the brains behind the cognitive SOC, ultimately saving security analysts a whole lot of time," he said.

Watson isn't the only tool that IBM is building to help with its cognitive SOC strategy. IBM is also developing a voice interface for security analysts under the project name Havyn. The idea of using voice-powered assistants is becoming increasingly common in the consumer electronics world with Apple's Siri and Amazon's Alexa, but it's not something that has been used in security. The Havyn project makes use of Watson APIs, IBM Bluemix and IBM Cloud to give security analysts a voice interface to ask questions about security data and events.

Looking beyond just analysis, IBM's Cognitive SOC initiative also benefits from the new IBM BigFix Detect endpoint detection and response (EDR) platform.

"We're adding EDR to BigFix, and what it does is it helps organizations get full visibility into the constantly changing endpoint landscape and bridge the gap between detection and remediation," Barlow said.

IBM acquired BigFix in July 2010 as a platform to help organizations update endpoint systems with the latest patches.

"We're now colliding the detection of endpoint risks with the ability to immediately respond and fix the endpoint," Barlow said.

IBM has an aggressive strategy for growing its security capabilities. Looking forward, Barlow said IBM will focus on security operations and response, helping organizations to build out security capabilities. Additionally, he noted that IBM will continue to innovate its identity and access capabilities.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.