Dr. Marc Ph. Stoecklin leads the Security Research department at IBM Research - Zurich. He is a Principal RSM and responsible of the AI for Cybersecurity Operations research activities at IBM, with a particular focus on applying artificial intelligence (AI) and machine learning technologies to cybersecurity in hybrid and multi-cloud settings. Fields of activities include advanced threat detection, security advisors and threat intelligence consolidation, active defense and cyber deception, big data cybersecurity analytics, security visualization, as well as malware and security analysis.
Moreover, Marc analyzes the impact of emerging technologies on the cyber security posture of organizations, most recently the misuse and weaponization of AI by cyber attackers (cf. briefing at Black Hat USA 2018) to strengthen their attacks.
Marc is leading the research efforts behind IBM's Cognitive Security offerings (Watson for Cyber Security and QRadar Advisor with Watson) and is one of the key creators of the concepts and algorithms that lead to the product. He is working on several client engagements to validate and operationalize advanced cognitive security analytics and threat intelligence research in real-world environment (including methodologies to detect stealthy and sophisticated beaconing behavior patterns of malware in corporate-scale networks).
Marc holds a PhD (Dr. ès sc.) degree in Computer, communication and Information sciences and a MSc degree in Communication Systems with specialization in "Information and Communication Security" both from École Polytechnique Fédérale de Lausanne (EPFL). In his PhD thesis, he devised novel unsupervised methods to detect and diagnose behavior-based anomalies on the network flow level.
In 2006, Marc joined IBM Research as a research scientist on the AURORA project. In this project, he contributed to the design and development of a flow-based network traffic monitoring and anomaly detection system, which has been commercialized by IBM Tivoli in 2009. In parallel, he developed several behavior-based anomaly detection components for AURORA traffic monitoring system. In 2011, Marc joined the Global Security Analysis Lab (GSAL) at the IBM T.J. Watson Research Center in Hawthorne, NY where he participated in the development of the IBM Cyber Security Analytics and Intelligence research platform. In 2012, Marc became a Research Staff Member of the Cloud and Security Group in the Industry & Cloud Solutions department at IBM Research – Zurich, where he continued to deepen his focus on Cyber Security Analytics on the network level, both in traditional IT and industrial control systems [ICS] networks. From 2014 to 2019, Marc lead the Cognitive Cyber Security Intelligence team at the IBM T.J. Watson Research Center in Yorktown Heights, NY.