Security

IBM Adds Voice Help to Cybercrime-Fighting Watson-Powered Weaponry

• By Dian Schaffhauser
• 02/13/17

Remember the scene when the Avengers are in the process of breaking into a Hydra base in "Avengers: Age of Ultron," and virtual assistant Jarvis informs Tony Stark, "The central building is protected by some kind of energy shield. Strucker's technology is well beyond any other Hydra base we've taken"? That really isn't much different from a security analyst making the announcement to his on-campus CISO that a dorm of students has been hit by Locky malware. However, in a vision hinted at by IBM as it officially announced the availability of Watson for Cyber Security, one crucial addition would be extra help so that everybody on the security team would know exactly how to respond to the new threat.

The new Watson security technology is being integrated into IBM's new cognitive security operations center (SOC) platform, which combines the cognitive abilities of Watson with on-the-ground security operations to help cybersecurity teams detect and fight threats across endpoints, networks, users and the cloud.

Several components come into play. IBM QRadar Advisor with Watson is a new app that taps into Watson's "corpus" of cybersecurity data, both structured and unstructured, and then correlates it with local security incidents to augment investigations. Based on the information the app gathers, it formulates a threat query to deliver to Watson for additional processing. The advisor program is available in the IBM Security App Exchange.

Among the users of QRadar Advisor is the University of Brunswick, which was one of eight institutions chosen last year by IBM to help the company adapt Watson for use in cybersecurity work. Computer science students at that time were enlisted to help Watson consume and process massive amounts of cybersecurity data, including two decades of security research, details on eight million spam and phishing attacks and more than 100,000 documented vulnerabilities. Now UNB, along with California State Polytechnic University, Pomona and other organizations, is testing Watson's ability to aid in directly fighting cybercrime.

IBM is also pushing its Global X-Force Command Center work, which sets up managed service "war rooms" for staying on top of cyber threats. Those operations can be on-premise or hosted by IBM and run through the cloud. As part of that line, the company introduced a Watson-powered chatbot, which it uses to interact with its customers. According to the company, clients may ask Watson questions via instant messaging about their security posture or network configurations or execute commands, such as reassigning a ticket to a new support person.

Now it has also begun testing additional technology, code-named "Havyn" (for "haven"), which provides a voice-powered security assistant, a la Jarvis. Havyn was created by IBM "master inventor" Michael Spisak, who worked on the tool with his 11-year-old son. Spisak had been chatting with Watson through the keyboard when his son asked how come he couldn't just talk to Watson. Experimentation with a low-cost Raspberry Pi microcomputer and equally inexpensive 7-inch touchscreen lead to the development of the voice operation, which allowed Spisak to ask the system verbal questions about cybersecurity. Now it's being tested in the field to provide security analysts with updates on new threats that have appeared, along with recommended remediation steps.

The company has also introduced BigFix Detect, a new endpoint detection and response (EDR) program.

"The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next generation threats," said Denis Kennelly, vice president of development and technology in the security division, in a prepared statement. "Our investments in Watson for Cybersecurity have given birth to several innovations in just under a year. Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime."