Identify and Understand threats with Watson for Cyber Security

Introducing Watson for Cyber Security. Watson builds its corpus of knowledge by constantly ingesting information from sources such as feeds, blogs, reports and advisories that it parses on the internet. It then constructs a security knowledge graph by identifying relationships between various entities, along with supporting evidence and confidence ratings, to find paths and links easily missed by humans.

Let's look at how Watson investigates an offense in QRadar that consists of a proxy log and a suspicious downloaded file. QRadar Advisor first performs data mining in QRadar's enormous data lake and extracts observables from suspicious behavior related to the victim machine to perform threat discovery for Watson, which in turn taps into its vast corpus of knowledge. Watson then constructs the threat insights graph and also uses reasoning to find additional insights and threat entities related to the original offense, such as malicious files, suspicious IP addresses, rogue entities and their relationships. QRadar Advisor then prunes this information to zero in on key insights and qualify the incident, identifying the root cause.

Respond to threats with greater speed, scale and confidence.

IBM Security
