How Watson helps detect threats faster and better protect your organisation

Key Points:

• More than 80% of the world’s data is untapped by traditional systems. In the cybersecurity industry, not having data, the complete context, and a real-time view of threats puts an organisation at risk.
• Any one missed threat can result in a costly disaster. Cybersecurity Ventures estimates global ransomware attacks will exceed $5 billion in damages this year, up from $325 million in 2015.
• For the first time, AI and cognitive intelligence is being used to transform the cybersecurity industry and help analysts identity threats more accurately and resolve them faster than ever before.
• Some Watson clients have seen 50% faster threat analysis times with  QRadar Advisor

If you knew how to better protect your organisation why wouldn’t you?

 Artificial intelligence is touching just about every aspect of our lives making cars safer, connecting devices in our homes, changing the way brand marketers engage us with their latest campaigns, and personalising the latest medical treatments and protocols to improve care.

Now, cognitive technology is being used in the cybersecurity industry to fend off hackers tackling two challenges simultaneously:

1. There’s an unprecedented amount of information available about threats ranging from thousands of blogs to cybersecurity journal articles, news stories, research papers and more. Yet, most computers can’t automatically access this type of unstructured content requiring security analysts to spends hours culling through online content manually.
2. There are not nearly enough cybersecurity analysts to identify threats and resolve exploits quickly. In 2017, 45% of businesses say they have a “problematic shortage” of cybersecurity skills. In 2016,  46% had the same concern, but these last two years represent a huge increase in this critical skills shortage.

According to Cyberseek, a project managed by the U.S. Department of Commerce to measure cybersecurity talent demands, there are almost 350,000 open cybersecurity jobs available at the time we published this article. Cybersecurity analyst is among the most advertised position online.

Finding a needle in the haystack, in real-time

Every day, security analysts look at an ocean of events gathered from log files. Their job is to identify security threats and determine which events warrant further investigation. A dearth of skilled analysts, combined with an overwhelming array of data from blogs and research papers, makes it difficult to put security events in context. Gone unchecked, any one event could lead to a much larger security incident and spell disaster for an organization, allowing attackers to gain control of its infrastructure, steal sensitive data and damage the brand’s reputation.

For instance, on average a security analyst reviews 10-20 high-risk security incidents in a day. Of these threats only a few may be an actual threat that needs to be escalated for resolution while, the most others are non-malicious. But this job can take hours and the research and identification of threats delays the analysts ability to quickly eliminate the threat.

Now, cybersecurity analysts can delegate the tedious and time-consuming task of threat research to AI technology powered by IBM Watson. IBM has integrated Watson Discovery Service with QRadar Advisor for the purposes of augmenting human intelligence to help analysts sort through large volumes of data at speed and scale that no person can match.

How Watson Discovery Service helps cyber security analysts detect threats faster than ever before

IBM QRadar Advisor with Watson combines insights from structured information (from X-Force) and insights from unstructured data (from IBM Watson Discovery Service) to collate millions of individually logged IT events including breach reports and best practice guidelines. Using its industry knowledge corpus of cybersecurity information, threats that are hidden or go unnoticed by manual investigations are easily uncovered, like finding a need in a haystack, all day, every day.

First cognitive solution for cybersecurity

IBM QRadar Advisor with Watson augments a security analyst’s ability to identify and understand sophisticated threats, by tapping into unstructured data and correlating it with local security offenses. It combines the cognitive capabilities of Watson and the industry leading QRadar Security Analytics Platform to uncover hidden threats and automate insights, revolutionising the way security analysts work.

AI is still a new cybersecurity technology for many organisations. But in today’s world of increasing threats and breaches, without AI, organisations are in a reactive mode and struggling to get ahead of the cyber threat curve. Reducing security incident response times is critical to winning the battle against cybersecurity threats and giving your company a competitive advantage.