Videos: IBM Watson To Assist Cybersecurity Analysts Using QRadar SIEM
Two stories dominate cybersecurity news today. The first is the rise in the sophistication and frequency of attacks, and the second is the shortage of skilled cybersecurity analysts. IBM is hoping Watson can address both trends. ZDNet reported that Watson has emerged from beta testing with about 40 customers and is now available to the 8,000 users of IBM’s QRadar Security Information and Event Management (SIEM) software. An IBM press release reports that Watson was trained by reviewing over a million security documents.
“Today’s sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data,” said Sean Valcamp, Chief Information Security Officer at Avnet. “Watson makes concealment efforts more difficult by quickly analyzing multiple streams of data and comparing it with the latest security attack intelligence to provide a more complete picture of the threat.”
Delegating Work to Watson Through QRadar
Typically, a cybersecurity analyst who identifies a potential incident would analyze internal logs through a SIEM and other internal systems and also review external data sources such as threat intelligence, industry blogs and social media. It is a digital version of a Sherlock Holmes crime investigation: data fragments are used to reconstruct the series of events and assess the impact to the organization. Now, an analyst can “delegate the investigation to QRadar advisor,” according to a product video. The QRadar “advisor” creates an automatic query of log data and sends the local information to Watson, which then correlates that data with information from blogs, security forums and other sources. The risk and attack pattern information is then provided to incident response teams for action.
New Watson Voice Interface, Project Havyn, Also in the Works
While Watson on QRadar will initially be accessed by analysts using a messaging chatbot, the announcement also mentions a new voice interface for the solution called Havyn. eWeek summarized it this way:
Watson isn’t the only tool that IBM is building to help enable its cognitive SOC strategy. IBM is now also developing a voice interface for security analysts under the name project Havyn. The idea of using voice powered assistants is becoming increasingly common in the consumer electronics world with Apple’s Siri and Amazon’s Alexa, but it’s not something that has been used in security. The Havyn project makes use of Watson APIs, IBM BlueMix and IBM Cloud to give security analysts a voice interface to ask questions about security data and events.
More B2B Voice Advisor Solutions from IBM
This is another example of IBM bringing out a B2B solution built upon its Watson AI-based virtual advisor. Voicebot covered this topic for VentureBeat last fall, concluding that IBM was building out B2B markets for AI while Google and Amazon fought it out in the consumer space. Another interesting point is that IBM is consistently billing Watson as a virtual advisor and not a virtual assistant. Amazon’s Alexa and Google’s Assistant are positioned as virtual assistants, which perform tasks on your behalf. By contrast, IBM’s virtual advisor analyzes data and provides information to help humans make decisions and take action. It does perform analysis tasks, but leaves the decisions about business execution to people.