IBM’s Watson teams up with its SIEM platform for smarter, faster event detection

San Francisco -- IBM’s Watson supercomputer can now consult with the company’s security information and event management (SIEM) platform to deliver well-researched responses to security events, and do so much faster than a person could.

Called IBM QRadar with Watson, the new offering marks the start of IBM’s push for a cognitive security operations center (SOC) built around Watson contributing to decisions made in tandem with other security products from the vendor. IBM announced the service at the RSA Conference 2017.

In the case of QRadar, when the SIEM catches a security event, human security analysts can choose to enlist Watson’s help in analyzing the event, determining whether it fits a known threat pattern and putting it in a broader context, IBM says.

To do this, Watson has been fed relevant security research that is continually updated as analysts publish new blogs and papers. That is more information than a human analyst could hope to keep up with, IBM says. The advantage is that Watson does not forget any of what it has learned and can sift through its knowledge faster than a person, IBM says. How fast? It can produce in 15 minutes an analysis that might take a person a week.

In its investigations, Watson can interact with QRadar to zero in on the scope of an attack. For example, Watson might find that a security event includes indicators of attack and compromise that add up to a possible advanced persistent threat from the cyber attack group known under the names CozyDuke, CozyBear, CozyCar or Office Monkeys. Watson can then review other data gathered by QRadar to determine whether there are additional indicators of compromise pointing to a broader attack from the same group, one that goes beyond the initial incident being investigated, IBM says.

The company says that the more Watson reads, the more it builds out an understanding of threat intelligence that it can apply to particular events. Underlying its analysis are probability ratings, weighting of incidents and algorithms to sort it all out.
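The two paragraphs above describe the core of the workflow: match an event’s observables against threat intelligence (where one group is known under several aliases), weight the matches into a confidence rating, and then sweep the rest of the SIEM data for further indicators of the attributed group to establish the true scope of the incident. The script below is an added illustration of that logic written for this page; it is not IBM, QRadar or Watson code. The intel entries, indicator weights, indicator values and SIEM events are all constructed placeholders, and the noisy-OR combination used to turn per-indicator weights into a confidence score is an assumption chosen for the example, not IBM’s stated method.

```python
"""Indicator correlation and incident scoping (added example, not IBM code).

All intel entries, weights, indicator values and events below are constructed
placeholders for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed threat-intel knowledge base. Each indicator carries a weight in
# (0, 1] expressing how strongly it alone points at the group (hypothetical).
INTEL: Dict[str, dict] = {
    "CozyDuke": {
        "aliases": {"cozyduke", "cozybear", "cozycar", "office monkeys"},
        "indicators": {
            "domain": {"update-check.example.test": 0.6},
            "sha256": {"0" * 63 + "1": 0.9},
            "user_agent": {"Mozilla/4.0 (compatible; MSIE 6.0; Win32)": 0.3},
        },
    },
    "OtherGroup": {
        "aliases": {"othergroup"},
        "indicators": {"domain": {"login-portal.example.test": 0.7}},
    },
}

# Alias lookup so that any of a group's names resolves to one canonical entry.
ALIAS_INDEX = {alias: group for group, entry in INTEL.items() for alias in entry["aliases"]}


def canonical_group(name: str) -> Optional[str]:
    """Map any known alias (case-insensitive) to its canonical group name."""
    return ALIAS_INDEX.get(name.strip().lower())


@dataclass
class Event:
    """A minimal SIEM event: an id, the host it concerns, and typed observables."""
    event_id: str
    host: str
    observables: Dict[str, str]


# Constructed sample events standing in for what the SIEM has collected.
EVENTS: List[Event] = [
    Event("ev-1", "ws-101", {"domain": "update-check.example.test", "sha256": "0" * 63 + "1"}),
    Event("ev-2", "ws-102", {"user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"}),
    Event("ev-3", "ws-103", {"domain": "intranet.example.test"}),
    Event("ev-4", "srv-7", {"domain": "login-portal.example.test"}),
]


def score_event(event: Event) -> Dict[str, Tuple[float, List[str]]]:
    """Return {group: (confidence, matched_indicators)} for every group with a hit.

    Confidence combines matched indicator weights with a noisy-OR:
    confidence = 1 - prod(1 - w_i), so several weak indicators add up.
    """
    results: Dict[str, Tuple[float, List[str]]] = {}
    for group, entry in INTEL.items():
        matched: List[str] = []
        miss_prob = 1.0
        for itype, value in event.observables.items():
            weight = entry["indicators"].get(itype, {}).get(value)
            if weight is not None:
                matched.append(f"{itype}={value}")
                miss_prob *= 1 - weight
        if matched:
            results[group] = (round(1 - miss_prob, 4), matched)
    return results


def scope_incident(initial_id: str, events: List[Event], threshold: float = 0.5) -> dict:
    """Attribute the initial event, then find other events sharing that group's indicators.

    Events below the threshold on their own are still pulled into scope when they
    carry an indicator of the already-attributed group: that is the 'broader
    attack' the analyst wants to see.
    """
    initial = next(e for e in events if e.event_id == initial_id)
    scores = score_event(initial)
    if not scores:
        return {"group": None, "confidence": 0.0, "matched": [], "related": []}
    group, (confidence, matched) = max(scores.items(), key=lambda kv: kv[1][0])
    if confidence < threshold:
        return {"group": None, "confidence": confidence, "matched": matched, "related": []}
    related = []
    for ev in events:
        if ev.event_id == initial_id:
            continue
        hit = score_event(ev).get(group)
        if hit:
            related.append({"event_id": ev.event_id, "host": ev.host,
                            "confidence": hit[0], "matched": hit[1]})
    return {"group": group, "confidence": confidence, "matched": matched, "related": related}


if __name__ == "__main__":
    print(canonical_group("Office Monkeys"))   # CozyDuke
    print(scope_incident("ev-1", EVENTS))       # CozyDuke at 0.96, ws-102 pulled into scope
```

Running it against the constructed data attributes ev-1 to CozyDuke with confidence 0.96 (two indicators, 0.6 and 0.9, combined by noisy-OR) and pulls ev-2 on host ws-102 into scope even though its single weak indicator (0.3) would never have triggered attribution on its own. In a real deployment the intel dictionary would be the continually updated research feed the article mentions and the events would come from the SIEM’s query API; the alias normalisation matters because intelligence sources name the same group differently.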

Human analysts can drill down into incidents Watson has researched through natural-language descriptions of the threats.

Customers run QRadar on premises, and the platform consults Watson in the cloud.

The service is not a replacement for human analysts but a tool that lets them work more efficiently and thoroughly, IBM says.

Current QRadar customers can get the Watson integration as an add-on application, as can new customers.

In addition to QRadar with Watson, IBM plans to add other tools to its Cognitive SOC, including IBM BigFix Detect, which speeds the detection of endpoint threats and reduces time to response. This can tie in to IBM’s incident response platform, Resilient, to jump-start and orchestrate remediation of incidents. The Cognitive SOC also includes IBM’s threat-intelligence-sharing platform, X-Force Exchange, and its threat-hunting platform, i2.

IDG Insider