Cognitive Cybersecurity Intelligence (CCSI) Group - Cognitive Security Intelligence
We are researching and developing techniques and methodologies to apply cognitive analytics and IBM Watson technologies to challenging security problems.
Cognitive Security Analytics
Security analysts in a security operations center (SOC) investigate many cyber security incidents every day. Many of these turn out to be false positives from a detection system; for the rest, analysts spend significant time identifying relevant information and mining the surrounding events and incidents to understand the bigger picture.
We are researching how to support SOC analysts with a companion (or co-pilot) that offers recommendations and suggestions based on cognitive reasoning, in order to reduce the analysts' workload and provide insights about a given incident that they could not produce under existing time and complexity constraints. The methods and tools we research understand, learn, and reason over on-going and past security incidents and events in a SIEM system (IBM QRadar) and combine them with insights obtained from the Security Knowledge Graph (Watson for Cyber Security).
Key challenges and technologies: AI, machine learning, natural language processing (NLP), reasoning, deep security knowledge.
- 02/2017: IBM announces IBM QRadar Advisor with Watson at the RSA Conference 2017.
- 05/2016: Sandy Bird, IBM Fellow and CTO of the Security Systems Division, presents the results of our research and the offering at the IBM Security Summit 2016: Cognition and the Future of Security - Sandy Bird
Our chairman, president, and CEO Ginni Rometty shares statistics on Watson for Cybersecurity; our initial vision and direction became her keynote speech at the 2017 IBM Security Summit.
Security Knowledge Graph
A tremendous amount of security knowledge sits siloed in different repositories, such as threat intelligence databases, malware sandbox reports, threat reports released by security vendors, or blogs. Security analysts have to search these systems manually, keep track of their findings, and correlate across them to identify actionable insights.
We are researching methods to consolidate, correlate, and reason over vast amounts of security intelligence data extracted from hundreds of millions of security documents (unstructured and structured), yielding billions of facts.
Key challenges and technologies: Graph mining, NLP, signal flow, belief propagation, machine learning, ontologies, scalable graph computing.
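As an added illustration of the consolidation and correlation task described above (example code written for this page, not the CCSI group's or Watson for Cyber Security's implementation): a toy knowledge graph merges facts from three constructed silos (a threat-intel feed, a sandbox report, and facts extracted from a vendor blog) and expands an offense's observables into the linked malware families and campaigns, recording which source supports each link. Every address, name and hash is a constructed placeholder.

```python
from collections import defaultdict, deque

# Constructed sample facts from three "silos". Every value is a placeholder
# (RFC 5737 documentation addresses, invented names, a fake hash), not a real IOC.
FACTS = [
    ("ti_feed",     "192.0.2.10",   "resolves_to", "bad.example"),
    ("ti_feed",     "bad.example",  "c2_for",      "FakeLoader"),
    ("sandbox",     "sha256:aa11",  "contacts",    "192.0.2.10"),
    ("sandbox",     "sha256:aa11",  "family",      "FakeLoader"),
    ("vendor_blog", "FakeLoader",   "used_by",     "Campaign-Z"),
    ("vendor_blog", "Campaign-Z",   "targets",     "finance sector"),
    ("ti_feed",     "198.51.100.7", "resolves_to", "benign.example"),
]

FAMILY_PREDICATES = {"family", "c2_for"}   # edges whose object is a malware family
CAMPAIGN_PREDICATES = {"used_by"}          # edges whose object is a campaign


class KnowledgeGraph:
    """Directed multigraph of (subject, predicate, object) facts that remembers
    which silo each fact came from, so conclusions can be traced and corroborated."""

    def __init__(self, facts):
        self.edges = defaultdict(list)  # node -> [(predicate, neighbour, source)]
        for source, subj, pred, obj in facts:
            self.edges[subj].append((pred, obj, source))
            # Store the reverse direction too, so expansion can walk from an
            # observable back to the artefacts that reference it.
            self.edges[obj].append(("inverse:" + pred, subj, source))

    def expand(self, seeds, max_hops=3):
        """Breadth-first expansion from the incident's observables; returns the
        (subject, predicate, object, source) edges reached within max_hops."""
        dist = {s: 0 for s in seeds}
        queue = deque(seeds)
        edges = []
        while queue:
            node = queue.popleft()
            if dist[node] >= max_hops:      # hop limit keeps expansion bounded
                continue
            for pred, nb, src in self.edges.get(node, []):
                edges.append((node, pred, nb, src))
                if nb not in dist:
                    dist[nb] = dist[node] + 1
                    queue.append(nb)
        return edges


def enrich(observables, graph=None, max_hops=3):
    """Turn an offense's observables into the context an analyst would otherwise
    gather by hand: linked malware families and campaigns, the silos consulted,
    and, per family, how many distinct sources support the link."""
    graph = graph or KnowledgeGraph(FACTS)
    families, campaigns, sources = set(), set(), set()
    support = defaultdict(set)
    for subj, pred, obj, src in graph.expand(list(observables), max_hops):
        sources.add(src)
        if pred in FAMILY_PREDICATES:
            families.add(obj)
            support[obj].add(src)
        elif pred in CAMPAIGN_PREDICATES:
            campaigns.add(obj)
    return {
        "families": sorted(families),
        "campaigns": sorted(campaigns),
        "sources": sorted(sources),
        "corroboration": {f: len(s) for f, s in support.items()},
    }


if __name__ == "__main__":
    print(enrich(["192.0.2.10"]))    # address contacted during the offense
    print(enrich(["198.51.100.7"]))  # address with no malicious context in the graph
```

The corroboration count is the check a practitioner wants before acting on a link: here the family attribution for the first address is supported by two independent silos (the feed and the sandbox), while the second address reaches nothing but a benign DNS fact. The hop limit matters at the scale the text describes; without it, expansion over billions of facts quickly pulls in the whole graph.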
- 12/2016: Press coverage of the beta release of our research: IBM Watson for Cybersecurity Inches from Research to Reality
- 05/2016: IBM Security turns our research into an offering: IBM Cognitive Security (Watson for Cyber Security)
- 05/2016: Ginni Rometty, CEO, Chairwoman, and President of IBM, announcing Watson for Cyber Security at the IBM Security Summit 2016: Outthink Threats - Ginni Rometty