IBM teaches its AI-security tool new tricks

Today, IBM Security announced new capabilities for the company’s AI-based security platform, QRadar Advisor with Watson.

IBM Watson is a flexible cognitive computing system that can be trained to learn and predict pretty much anything, including cyber threats. The initial release of QRadar Advisor with Watson allowed the platform to gather, read and understand structured and unstructured security data from external sources. But now, IBM Security is teaching Watson how to learn and contextualize the behavior of threats, in addition to an organization’s responses to them. This will be done with the help of two new capabilities for QRadar Advisor: Threat disposition models and cross-investigation analytics.

Threat disposition models are a new set of algorithms that build a model for specific threats, based on the actions and outcome of similar events from an organization’s past. When a new investigation comes in, this model can be used to help rule out false positives, or help analysts decide whether the threat should be escalated as malware, data exfiltration, or something else. Cross-investigation analytics allows QRadar Advisor to find similarities across investigations and automatically group them together to avoid duplication.

“IBM has developed new analytic and learning models which enable QRadar Advisor to identify long and slow attack patterns and adapt to the local client environment. This learning loop gets smarter with time based on additional interactions and engagement with analysts, allowing the tool to provide stronger recommendations on how to respond, as well confidence ratings based on how incidents align with historical data,” the company said in a press release. “Watson will be used to help QRadar Advisor build better threat disposition models for specific threats based on actions and outcomes of previous similar security events. Better models mean more accurate detection and fewer false positives.”

Even before Watson, the QRadar Advisor security platform was already receiving development efforts from over 2,000 prominent security organizations through X Force Exchange. Major contributors include Carbon Black, BrightPoint Security, Exabeam and Resilient Systems.

IBM has also implemented the MITRE ATT&CK framework – which according to this whitepaper, is a useful tool across many cyber security disciplines that helps “convey threat intelligence, perform testing through red teaming or adversary emulation, and improve network and system defenses against intrusions” – to help both Watson and analysts see how attack patterns evolve using real-world security incidents. The data is used to predict security trends, prepare countermeasures, and pinpoint the stage of attack. In addition, the ATT&CK model database also uses data from lab-emulated adversary scenarios to test and verify the effectiveness of defenses.

“Combining the ATT&CK framework of known adversary tactics with Watson for Cyber Security’s ability to stay current on the latest security research, QRadar Advisor can help arm analysts of all levels with the knowledge needed to better respond to the threats they’re facing,” said Chris Meenan, director of IBM security intelligence offering management and strategy.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at Channel Daily News. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at [email protected].

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.