Denis Kennelly, Chief Product Officer, IBM Security, recently sat down with Enterprise Times to update us on what was happening with IBM Watson for Cyber Security. The product recently moved from research to general availability and we were interested in what it was doing and what problems it was addressing.
One area where there is a lot of interest is in how IBM and its university partners are training Watson. One of the keys to Watson’s success in other fields is its ability to ingest very large volumes of data and then infer new knowledge from that data. Unlike other fields, however, cyber security is a fast-moving environment. Adding new data and even taking away bad data presents challenges. Interestingly, IBM has reduced the time taken to unload and reload the entire corpus down to minutes. When you look at the volume of data that entails, it is impressive.
IBM started by scanning 1 million documents into Watson. Interestingly, this is not a static exercise. Kennelly told us that the documents are being scanned for changes every 5-10 minutes and updates are then applied to Watson. This is good news as it means the Watson for Cyber Security corpus is a living thing. IBM is also evolving Watson’s vocabulary, something Kennelly called an ongoing process of data analysis.
To get around the problem of dirty data forcing a rebuild of the Watson cyber security corpus, Kennelly told us that IBM can build another instance of Watson for Cyber Security on the side. This allows a hot switch over so that customers are never left exposed and the service remains up.
At the core of Watson for Cyber Security is the QRadar Platform. This gathers a lot of data from the enterprise including firewall logs, application logs and other sources. QRadar already looks for security indicators and, once it detects something suspicious, passes it to Watson for further investigation. Kennelly says that only 10-15 pieces of information are passed to Watson. This is well documented and will enable companies to ensure that they are not breaching in-country privacy or data laws.
Kennelly talked a lot about the mechanics of what was being sent to Watson and what it does with the data. This is something that will interest security teams and CISOs. He also provided an interesting insight into the product that shows how much IBM has invested in Watson for Cyber Security.
To discover more about what Kennelly said, listen to the podcast online or download it to your device.