IBM: Leveraging AI for a Smarter Kind of Cybersecurity

RGS Nordic’s processing centres brim with energy every day. As the workers look on, million tons of construction waste are cleansed and converted into materials that can be used for new projects, such as paving for roads or aggregate for noise barriers. Lars Peter Lundstrøm, Head of IT at RGS Nordic, explains, “Because we operate in an industry with relatively small margins, it’s essential for us to keep tight control over our costs.” To this end, RGS Nordic has issued mobile devices to workers at its waste processing centres so that they can take pictures of the load each time a customer drives a truck onto a weighbridge, ensuring proper documentation.

While digitizing its business processes with mobile devices was proving to be a powerful way to control costs, it also created a significant challenge. “We knew that incoming regulations such as the GDPR would require us to demonstrate tight control over our employees’ personal data. To ensure that we could comply with the new obligations (and to enhance the security of our IT environment as a whole) we knew that we needed a robust approach to mobile device management (MDM),” states Lundstrøm.

To solve the challenge, RGS Nordic turned to its IT outsourcing provider ADmire, an IBM Business Partner based in Denmark. Working with RGS Nordic, ADmire deployed IBM MaaS360 with Watson, a cloud-based MDM solution that helps simplify the management and security of smartphones, tablets, laptops and more. With IBM MaaS360 with Watson helping to govern its mobile devices in a centralized, standardized way, RGS Nordic demonstrated its compliance with new regulations such as the GDPR. “We have been very impressed by the level of granular insight and precise control that IBM MaaS360 with Watson gives us over our mobile devices,” Lundstrøm says. “By building on our collaboration with ADmire, we’re in a strong position to comply with data privacy regulations and continue to digitize our business processes.”

Such is the prowess IBM has shown when it comes to leveraging AI for a smarter kind of cybersecurity. “Cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world. IBM believes there is a business opportunity in helping computer security pros make sense of the universe of literature and data surrounding cybersecurity. We are banking on Watson being able to reduce the rate of false positives that turn up in corporate security operations centres,” says Ginni Rometty, the CEO of IBM.

Cognitive AI at the Helm

When researching information about cybersecurity exploits, Watson uses its ability to understand, reason, and learn across a vast library of information. Providing this information to humans “amplifies” the human’s intelligence. Every attempt to manipulate data, whether it was using the abacus or Watson, has been an attempt to expand the information processing capabilities of people. Put simply, arming cybersecurity engineers with actionable intelligence not only makes them smarter but also about 60 times faster.


Watson for Cyber Security, IBM’s cognitive AI, learns with each interaction to connect the dots between threats and provide actionable insights. The result: organizations can respond to threats with greater confidence and speed. Watson’s ever-growing cybersecurity corpus constantly gives it new insights, which provide decision support and augmented intelligence to SOC analysts. According to a February 2017 IBM news release, the company had already digested a million cybersecurity documents. Using the URL (understand, reason, learn) concept, cognitive computing appears to be the way forward in the cybersecurity war.

Binding Security with QRadar

IBM’s security analytics platform QRadar, teamed with Watson’s cognitive computing capabilities, creates an adaptive and constantly learning SIEM. This has led it to assist in solving real-world cybersecurity challenges. By providing cognitive analysis of events and informational data, the time to squash a security event can be reduced from hours to minutes. QRadar automatically investigates an incident or anomaly to identify the likely threat. It can quickly gather insights from millions of external sources and local data mining. Through the platform, organizations can apply cognitive reasoning to build relationships among discovered threat entities and get visibility into higher priority risks, critical systems impacted, and insider threats. They can also use actionable information to make a decision on remediation, and ensure that they don’t miss incidents in the future by automatically adding discovered threat indicators to watch lists.

IBM QRadar Security Information and Event Management (SIEM) helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. By consolidating log events and network flow data from thousands of devices, endpoints and applications distributed throughout the network, QRadar correlates all this different information and aggregates related events into single alerts to accelerate incident analysis and remediation. QRadar SIEM is available on premises and in a cloud environment.

Delivering a Holistic Solution

Using the confidence level for each attack progression contained in the platform, analysts can validate the threat, visualize how the attack has occurred and is progressing, and uncover what tactics can still possibly occur. Through analysis of the local environment, QRadar Advisor recommends which new investigations should be escalated, helping the analyst drive quicker and more decisive escalations. Organizations can also apply cognitive reasoning to identify the likely threat and connect threat entities related to the original incident, such as malicious files, suspicious IP addresses, and rogue entities, to draw relationships among these entities. They can tap into Watson for Cyber Security to automatically apply external unstructured data, including threat intelligence feeds, websites, forums, and more.

Further, QRadar also links investigations through connected incidents, reducing duplication of effort and extending the investigation beyond the current probable incident and alert. This allows users to identify investigations with the greatest risk, run multiple investigations at the same time, and sort and filter through the data to quickly understand where they should focus their attention. Through QRadar, organizations can also determine if they need to do additional tuning of their environment in the case of multiple duplicate investigations being triggered by the same events. In addition, IBM ensures that companies are able to scale and adapt quickly to changing business needs without compromising security, privacy or risk levels, while using IBM Cloud offerings. Delivered as a network security intelligence and analytics offering, IBM QRadar on Cloud can assist organizations in detecting cybersecurity attacks and network breaches so that they can take action before any considerable damage is done or begin to immediately respond to any critical data losses.

Because QRadar on Cloud is delivered as a cloud-based service, an organization’s team can focus on reviewing anomalous conditions and patching the most important asset vulnerabilities rather than acquiring and deploying technology components. As the quickest and most cost-effective method of delivering the industry-leading security analytics capabilities, QRadar on Cloud can rapidly scale to the needs of the business and enable teams to get up and running, collecting and investigating events in just days. Further, the solution fosters an ecosystem by providing over 450 out-of-the-box integrations, APIs and an SDK to help customers ingest data faster, gain deeper insights and extend the value of existing solutions.

Pushing the AI Boundaries

When it comes to leveraging AI for cybersecurity, IBM has always been upbeat. The conglomerate recently launched IBM Security Connect, a new platform designed to bring vendors, developers, AI, and data together to improve cyber incident response and abilities. “IBM Security Connect will help tackle some of the biggest security challenges today via open standards, which can help pave the way toward collaborative innovation,” mentions Rometty. “As it is built on open standards, it can help companies build unique microservices, develop new security applications, integrate existing security solutions, and leverage data from open shared services.”

IBM has been pushing for the integration and further development of AI solutions in the enterprise by taking up a vendor-agnostic stance in the AI realm. Especially at a time when the need for cybersecurity solutions is great, the company is setting itself up as one of the major AI-security players, not only in the present but potentially in the future.
- Justin S Gonsalves
    April 08, 2019


Armonk, NY

Ginni Rometty, CEO

Helping companies get a head start in assessing incidents to reduce cyber risks