QRadar Advisor with Watson
Luca Dalzoppo
Business Development Manager
luca_dalzoppo@it.ibm.com
March 2018
Your goals as a security operations team are fundamental to the business
2 IBM Security
But the pressures today make them hard to keep up with
“My workload is overwhelming and repetitive.”
“I don’t know where to focus my time for the quickest response.”
“There is so much information out there, it’s impossible to find what’s useful.”
Artificial intelligence bridges this gap and unlocks a new partnership between security analysts and their technology
Human Expertise
• Common sense
• Morals
• Compassion
• Abstraction
• Dilemmas
• Generalization
Security Analytics
• Data correlation
• Pattern identification
• Anomaly detection
• Prioritization
• Data visualization
• Workflow
AI: Cognitive Security
• Unstructured analysis
• Natural language
• Question and answer
• Machine learning
• Bias elimination
• Tradeoff analytics
We want to tackle where the bulk of your team’s time is spent: on the initial incident assessment phase
Response
Respond to security incidents and provide remediation
Threat Hunting
Perform deep-dive analysis, look for new analytic methods for detecting and preventing threats
Introducing QRadar Advisor with Watson, built with AI for the front-line Security Analyst
1. Accelerates analysis by automatically investigating indicators of compromise (internal and external) and suspicious behavior
QRadar Advisor with Watson uses
QRadar Advisor with Watson delivers on these values
1. Accelerated Analysis
• Uses AI to analyze real-time incidents for triage
̶ Automatically investigates evidence for an alert or anomaly against Watson and applies ‘reasoning’ to identify the likely threat
• Gathers external and internal threat indicators from the alert
• Performs external (threat intelligence) research and internal research on indicators and entities (hash, domain, IP, users, filename, etc.)
• Highlights the existence and identity of threats or outliers
QRadar Advisor with Watson delivers on these values
2. Intelligent Investigation
• Identifies whether communication with the threat has occurred or was blocked
• Highlights whether malware has executed
• Identifies the criticality of systems impacted in the incident and shows high-value assets
• Gives visibility to higher-priority risks and threats from insiders
̶ Integrated with the User Behavior Analytics (UBA) app to show users’ risk scores
̶ Reveals previous behaviors and actions of users
• Connects other threat entities from the original offense to show their relationships
• Provides input for ad-hoc investigation against collections of users and entities
QRadar Advisor with Watson delivers on these values
3. Faster Response
• Provides pertinent information to take action on escalation
• Performs automatic hunting for indicators
• Exports threats and indicators to the IR process for remediation and/or blocking
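The triage loop the three value slides describe (gather indicators from the alert, research them externally against threat intelligence, then research them internally: did the communication get through or was it blocked, did the flagged binary execute, and how critical are the hosts involved) can be sketched in code. What follows is an added illustration written for this page, not IBM's, QRadar's or Watson's code. The LEEF-like event lines, the threat-intelligence entries, the asset inventory and the priority rules are all constructed assumptions; the parser is a deliberately simplified stand-in for a real log source.

```python
"""Added illustration (not IBM code): alert triage on constructed data.
Extract indicators from the alert's events, look them up in a threat-intel set,
then check internal telemetry for allowed-vs-blocked traffic, process execution
and asset criticality, and rank the findings."""
import ipaddress
import re
from collections import defaultdict

# Constructed events in a simplified LEEF-like layout: header fields split by
# '|', then space-separated key=value attributes. Not real QRadar output.
SAMPLE_EVENTS = [
    "LEEF:1.0|Vendor|Firewall|1.0|deny|src=10.20.30.41 dst=203.0.113.77 dstPort=443 action=blocked",
    "LEEF:1.0|Vendor|Firewall|1.0|accept|src=10.20.30.41 dst=203.0.113.77 dstPort=8080 action=allowed",
    "LEEF:1.0|Vendor|Proxy|1.0|request|src=10.20.30.41 domain=cdn-update.example-bad.net action=allowed",
    "LEEF:1.0|Vendor|EDR|1.0|ProcessCreate|src=10.20.30.41 user=alice image=C:\\Temp\\updater.exe sha256=" + "a" * 64,
    "LEEF:1.0|Vendor|Firewall|1.0|deny|src=192.0.2.50 dst=10.20.30.42 dstPort=22 action=blocked",
    "LEEF:1.0|Vendor|Firewall|1.0|accept|src=10.20.30.42 dst=198.51.100.9 dstPort=443 action=allowed",
]

# Constructed threat-intelligence entries and asset inventory: stand-ins for the
# external research and high-value-asset lookups the deck mentions.
THREAT_INTEL = {
    "ip": {"203.0.113.77": "botnet C2", "192.0.2.50": "external scanner"},
    "domain": {"cdn-update.example-bad.net": "malware distribution"},
    "sha256": {"a" * 64: "known dropper"},
}
ASSETS = {"10.20.30.41": ("finance-ws-07", "high"), "10.20.30.42": ("guest-laptop-3", "low")}

# ipaddress.is_global rejects the documentation ranges used above, so an explicit
# internal-range list decides which side of a flow is "ours".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
KV_RE = re.compile(r"(\w+)=(\S+)")
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
PRIORITY_ORDER = ("high", "medium", "low")


def as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_internal(text):
    ip = as_ip(text)
    return ip is not None and any(ip in net for net in INTERNAL_NETS)


def parse_event(line):
    """Split the LEEF-like header from its attributes; keep product and event name."""
    header, _, attrs = line.rpartition("|")
    fields = header.split("|")
    ev = {"product": fields[2], "event": fields[4]}
    ev.update(KV_RE.findall(attrs))
    return ev


def extract_indicators(events):
    """Collect external IPs, domains and SHA-256 hashes referenced by the events."""
    found = defaultdict(set)
    for ev in events:
        for key in ("src", "dst"):
            val = ev.get(key)
            if val and as_ip(val) and not is_internal(val):
                found["ip"].add(val)
        if "domain" in ev:
            found["domain"].add(ev["domain"].lower())
        if SHA256_RE.fullmatch(ev.get("sha256", "")):
            found["sha256"].add(ev["sha256"].lower())
    return found


def events_for(kind, value, events):
    if kind == "ip":
        return [ev for ev in events if value in (ev.get("src"), ev.get("dst"))]
    return [ev for ev in events if ev.get(kind, "").lower() == value]


def assess(kind, value, label, events, assets):
    """Internal research: did traffic get through, did the file run, which hosts?"""
    related = events_for(kind, value, events)
    hosts = sorted({ev[k] for ev in related for k in ("src", "dst")
                    if k in ev and is_internal(ev[k])})
    if kind == "sha256":
        status = "executed" if any(ev["event"] == "ProcessCreate" for ev in related) else "observed"
    elif any(ev.get("action") == "allowed" for ev in related):
        status = "communication occurred"  # one deny does not mean the C2 was blocked
    else:
        status = "blocked"
    high_value = any(assets.get(h, ("unknown", "low"))[1] == "high" for h in hosts)
    priority = "low" if status == "blocked" else ("high" if high_value else "medium")
    return {"type": kind, "value": value, "intel": label, "hosts": hosts,
            "status": status, "priority": priority}


def triage(lines, intel=THREAT_INTEL, assets=ASSETS):
    events = [parse_event(line) for line in lines]
    indicators = extract_indicators(events)
    findings = [assess(kind, val, intel[kind][val], events, assets)
                for kind, values in indicators.items()
                for val in sorted(values) if val in intel.get(kind, {})]
    findings.sort(key=lambda f: PRIORITY_ORDER.index(f["priority"]))
    return {"indicators": {k: sorted(v) for k, v in indicators.items()}, "findings": findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS)["findings"]:
        print(f"[{f['priority']}] {f['type']} {f['value']} ({f['intel']}): "
              f"{f['status']} on {', '.join(f['hosts'])}")
```

The point the sample data makes is the one on the "Intelligent Investigation" slide: the first firewall event shows the botnet IP being denied, but a second connection to the same IP on another port was allowed, so the finding must read "communication occurred", not "blocked". The scanner IP that only ever hit a deny rule is ranked low, and an unlisted external IP produces no finding at all.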
How it works – App that takes QRadar to the next level
How it works – Building the knowledge
Machine Learning / Natural Language Processing extracts and annotates the collected data
How it works – Cognitive applied for cybersecurity
How it works – Use cases further defined
QRadar Advisor with Watson automates tedious tasks, simplifies complex procedures, and presents its conclusions
We are excited to bring a variety of clients on this cognitive journey with us
Accelerate incident analysis and apply AI with QRadar Advisor with Watson
Sample Scenarios & Demo
Client Connecting to Botnet IP
[Demo screenshot: Watson indicators for the botnet IP]
External Scan
• Watson enriched
̶ Malware was part of a larger campaign
̶ Analysts used additional indicators to search for compromise
Resources
• AppExchange
• On-demand webinar – Rock your SOC (Security Operations Center) with Watson for Cyber Security
• Solution brief
THANK YOU
FOLLOW US ON:
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.