How Watson AI is helping companies stay ahead of hackers and cybersecurity attacks

5 minute read | August 14, 2017

Key Points
– In today’s increasingly interconnected world, hacks, breaches and malware attacks have become a way of life. Cybercrime is projected to cause $6 trillion in damages by 2021.
– Even one breach can cost an enterprise hundreds of millions of dollars and destroy customer trust.
– Most breaches today are caused by “cyber blindness,” as there is no way to manually read and analyze the huge volumes of structured and unstructured data that security analysts need to process every day.
– AI and machine learning allow systems to continuously learn by constantly analyzing billions of data points to detect patterns and even predict attacks before they occur.
– IBM uses Watson’s AI to add a cyber threat insight engine to its leading cybersecurity platform, QRadar Security Analytics Platform, helping clients analyze threats up to 50% faster.


Cybersecurity threats are growing at a record pace. Cybercrime is projected to cause more than $6 trillion in damages by 2021, and businesses are estimated to invest $1 trillion over the next five years to try to mitigate these threats.

According to Bloomberg, security incidents increased by 40% in 2016 from the previous year, setting a new record. While the verdict is still out for this year, the Identity Theft Resource Center’s (ITRC) mid-year report says that U.S. data breaches are up 29% from the same time last year, and may reach a 37% increase overall by the end of 2017.

Experts at the are even recommending businesses adopt a “Breach Acceptance” mindset, changing how they view threats and act to protect their data.

The fact is, cyberwarfare is maturing and becoming increasingly sophisticated, with hackers adding artificial intelligence (AI) to their toolbox, enabling them to automate attacks, cause more damage and steal more data faster than ever before.

For cybersecurity analysts, every moment counts. The longer it takes to identify a severe risk out of the tens of thousands of possible incidents, the longer it will take to begin resolution actions and the more damage your company and customers may experience. But most of analysts’ time is spent searching through thousands of blogs, articles, reports, websites and databases to diagnose new threats, leaving less time for actually taking action.

AI and machine learning are helping fight “cyber blindness”

Many of the cyberattacks that go undetected until it’s too late are caused by “cyber blindness,” as it’s nearly impossible for security analysts to manually sift through the volumes of relevant structured and unstructured data created every second of every day. Machine learning allows a computer to learn for itself. Imagine an environment where a machine learning system is constantly analyzing data across billions or trillions of logs per second (such as in a neural network) and is able to classify, detect patterns and behaviors, and eventually even predict attacks before they occur.

Previously, there weren’t any easy solutions to speedily connect all the dots and validate a high-priority attack or breach. Most present-day security systems can evaluate potential threats using complex visualizations of structured and curated data, but that’s clearly not enough. The advent of AI into cybersecurity is changing that.

AI can make a huge difference in threat detection, which is why the IBM Security team introduced IBM QRadar Advisor with Watson, combining the cognitive capabilities of Watson Discovery Service and Watson Knowledge Studio with the industry-leading security offerings of IBM.

Thanks to AI, the response time to cyberattacks is rapidly shrinking. Companies can no longer afford to take days or even hours to respond to cyberattacks. Today’s businesses have to be able to respond in minutes, and pretty soon in just seconds, to stay ahead of both threats and their competitors. But responding at this speed isn’t something humans alone can do. Integrating AI into security systems will be critical so companies can analyze large volumes of data in real time.

In this video, IBM Security Analytics Architect Suzy Deffeyes provides a first-hand look at a Security Operations Center (SOC) and discusses the impact of cognitive security in helping analysts investigate and resolve threats faster.

Augmented intelligence: Empowering analysts to be more effective

At Watson, we believe that AI should help augment humans’ ability to work better and faster than ever before. Even with these cutting-edge technologies integrated into security systems, human analysts will need to train, oversee, make decisions, escalate issues and choose resolution options.

The benefit of AI for cybersecurity is to reduce the time and manual effort required by humans to process large volumes of data, so their time and expertise can be focused on more complex, sophisticated tasks and decision-making.

If the AI recommends that a potential attack requires a specific fix, human experts should be the ones to ultimately approve the course of action taken to remedy the risk. But systems cannot identify abnormal behaviors or malicious activity without first being taught the language of cybersecurity so they know what indicators, anomalies, patterns, etc. to look for.

For example, the word “virus” means something different in the security industry versus the healthcare industry. As companies grapple with a severe lack of skilled cybersecurity professionals, our goal is to help existing experts capture their knowledge and scale their expertise so businesses can do more with less.

Clients using QRadar Advisor with Watson report that it reduces the time their analysts spend analyzing Tier 1 threats by as much as 50%, allowing workers to prioritize fixes more quickly and take critical actions sooner.

With cognitive reasoning applied to huge volumes of constantly changing data, QRadar Advisor with Watson can rapidly gather evidence of compromise and even discover other threat entities related to the original offense. This includes malicious files, suspicious IP addresses, rogue entities and the relationships among these entities. Most importantly, it derives and delivers relevant insights to analysts for confident, effective decision-making.

Cybersecurity as an industry isn’t new. But as technology has evolved to help analysts better fight cyberattacks, the same technology is also helping hackers unleash more sophisticated, damaging threats, some of which change profiles even as the attack is ongoing. Add to that the fact that most businesses are moving their data and systems into the cloud, which is making old legacy security tools redundant.

Our cyber environment is changing every second of every day and hackers are constantly looking for new vulnerabilities. With Watson Discovery Service integrated into your systems, you can continuously explore, discover and learn from real-time data, and use powerful cognitive search, natural language processing, domain adaptation and machine learning to empower your analysts not only to keep up, but get ahead of hackers and cybercrime.