Watson takes on security analyst burn-out
Proliferating threats and a lack of specialised security skills is putting organisations at growing risk, with security analysts facing burnout in the face of the volume, variety and speed of insights needed.
So says Craig Botha, Business Development Manager: Advanced Technologies: IBM at Axiz, who says analyst fatigue is a real threat to enterprise security. “IBM reports that analysts are overwhelmed by repetitive work, with analyst fatigue resulting in a breakdown of defined processes and a high probability that an important indicator of compromise (IOC) is missed. Ninety-three percent of organisations are unable to triage all relevant threats and almost one-quarter feel they were lucky to escape with no business impact as a result of not investigating these alerts.”
Botha says in South Africa, there is not only a shortage of skills, but staff retention is a challenge: “If you can find a good security analyst, you can’t get them to stay for more than a few months. If you find a good one, they’re out of the door when they get their next certification.”
For those putting in their time in the security operations centre (SOC), there are a series of challenges to contend with: False positive alerts, once-off anomalies that could be missed, prioritisation of alerts, effective orchestration and simplified reporting. Botha says next-generation, proactive tools with embedded intelligence and automation help security analysts address these challenges.
IBM QRadar Advisor with Watson is revolutionising the way security analysts work, bringing advanced cognitive technologies into the SOC to alleviate alert fatigue and enable organisations to respond immediately across hybrid environments, he says.
IBM Security is ranked as a leader in the Gartner magic quadrant for SIEM and among the 11 most significant security analytics platforms in the Forrester Wave Security Analytics Q4 2020 report, which notes: "The strongest vendors offer analytics capabilities with multiple machine learning types and include security orchestration automation and response (SOAR). The combination of analytics and automation creates the opportunity for security analytics platforms to deliver intelligent operations with the capability of identifying threats and automatically responding to them."
IBM’s cognitive SOC QRadar Advisor with Watson combines IBM QRadar, the industry’s leading security analytics platform, with the cognitive capabilities of Watson for Cyber Security to automatically investigate and qualify security incidents.
Says Botha: “There are several solutions with embedded AI, but no other solution has Watson; he’s a genius, beyond what ordinary AI is capable of. Watson has reasoning and analytical capabilities and just keeps learning.” IBM QRadar Advisor with Watson gives SOCs and security analysts’ access to unprecedented intelligence, which continually learns and never gets tired, says Botha. “Security analysts might sit up all night going through logs and working on anomalies, but they can eventually burn out. Watson doesn’t get tired, he sprawls out – nothing else can perform like this, ingest like this and make inferences like this, on the fly. Once customers see what Watson is capable of, they are sold – even if they already have an SOC. IBM QRadar Advisor with Watson takes over the bottom tiers of security analytics and frees up your staff to do other things.”
Built on the cloud, Watson for Cyber Security explores data gathered from hundreds of thousands of sources, including websites, security forums and bulletins and then applies reasoning to discover additional insights and other threat entities related to an incident, such as malicious files, suspicious IP addresses, rogue entities and the relationships between them. Unlike humans, it does not forget the data it gathers. The result is that it can give security teams 10 times as many actionable insights to uncover new threats as they had available before. It also supports the MITRE ATT&CK framework, which is an open source playbook that details cyber criminal behaviours and allows analysts to visualise what stages of the attack have occurred and how it is progressing.
IBM QRadar Advisor with Watson detects insider threats by proactively monitoring user activity to look for anomalies, even ranking users by risk level and scoring their risk by their deviation from normal activity and the sensitivity of the assets involved.
“With QRadar Advisor with Watson, analysts gain accuracy, intelligence and speed that humans simply can’t match,” says Botha.
1. IBM Solution Brief – QRadar with Watson.
2. IBM QRadar Advisor with Watson: Revolutionizing the Way Security Analysts Work - Vijay Dheap.
3. IBM Tap into vast security knowledge.
4. eweek.com IBM Launches QRadar Advisor with Watson 2.0 With Enhanced Data Models.