Security professionals are drowning in a sea of information because of the exponential increase in threat data. Sogeti sought a way to help its analysts more rapidly analyze potential threats.
Sogeti extended its IBM QRadar platform using cognitive security from IBM Watson® to gain deeper intelligence, greater speed and improved accuracy in detecting and responding to threats.
Reducedthreat investigation and root cause determination from 3 hours to 3 minutes
Strengthenedsecurity posture for a large Benelux insurer
Rapidly identifiedthreats from foreign threat actors through translation capability
Business challenge story
Staying ahead of cybercriminals
Vincent Laurens, vice president and cyber security practice executive for Sogeti Luxembourg, calls security data analysts the next rock stars in the cyber security world, and for good reason.
With the volume of threat data growing at such dramatic rates, even the most skilled security professionals are drowning in a sea of information. Unstructured data in threat feeds, security blogs, forums, websites and bulletins is rapidly expanding, and it takes time for security experts to sift through and analyze the data.
“To be the most efficient, we need to be two or three steps ahead of the bad guys,” says Vincent Laurens. “That means getting answers from all the data in minutes instead of hours. Cognitive computing is a breakthrough. With IBM Watson, our analysts can think faster, judge more accurately and employ the best tactics.”
Empowering SOC analysts with cognitive security
Several years ago, Sogeti Luxembourg and IBM developed an alliance in the Luxembourg marketplace to provide companies with a security operations center (SOC) that could help uncover advanced persistent threats. In this joint IBM-Sogeti SOC, IBM Security Services staff work alongside Sogeti personnel to help protect organizations from threats.
“By bringing together top-notch expertise from Sogeti and IBM, along with superior innovation, we are helping our clients improve and fortify their cyber security,” says Vincent Laurens.
IBM® QRadar® Security Intelligence Platform is used to provide advanced sense analytics to help the SOC analysts rapidly detect threats, identify vulnerabilities and prioritize risks. The platform manages on average 10,000 events per second per client and 50,000 flows per minute per client, with larger clients seeing substantially higher volumes.
“One of QRadar’s differentiators is that it enables us to create business context use cases,” explains Vincent Laurens. “For example, an insurer we work with was concerned hackers were performing quote requests against their online quoting apps to change their pricing model. Using QRadar, we can easily build a use case to detect this type of activity.”
To gain even greater intelligence, speed and accuracy in detecting threats, Sogeti participated in the IBM QRadar Advisor with Watson beta test program.
The IBM QRadar Advisor with Watson harnesses the power of Watson for Cyber Security while investigating offenses and incidents in the QRadar SIEM system. Watson for Cyber Security uses core IBM Watson® technology to understand, reason and learn about security topics and threats. It harvests volumes of structured and unstructured security knowledge, which has been elusive to SOC analysts, so they can respond to threats more rapidly and with greater confidence.
Instead of conducting the beta in a test environment, Sogeti worked with one of its large insurance clients to test the platform in a real-world environment. The organization split the SOC team serving the client into two groups to accurately measure the benefit. One group served as the control group, while the second benefitted from the power of cognitive security to help connect the information more rapidly.
“Every time we saw an offense, the second team could push the offense to Watson to gain more context, and Watson delivered top-notch results,” says Vincent Laurens.
The benefit was so obvious that analysts who weren’t part of the beta began asking how they could participate.
The power of cognitive security is the speed and accuracy in which information is curated and disseminated for the analyst. As the IBM-Sogeti SOC team fed more information into Watson’s corpus of knowledge, the more precise Watson’s analysis became.
“Our experience has been great,” says Vincent Laurens. “I was pleased with how smoothly the process went, and our analysts were amazed by the contents of the Watson corpus. We’ve managed to gain everything we’ve wanted on day one, and we can evolve it on a day-to-day basis.”
Accelerating analysis by 50 percentAccording to Vincent Laurens, the use of cognitive security with Watson has provided a “breakthrough” for both Sogeti and its customers, dramatically accelerating threat detection and response.
The SOC analysts that used the cognitive security capabilities were more productive and could more accurately identify false positives—a critical step to reduce the “noise” SOC analysts must sift through to identify threats.
“We were able to accelerate the analysis process by 50 percent,” says Vincent Laurens. “Our analysts were surprised. They could obtain answers in as little as two to three minutes, whereas the same result would have taken them two to three hours in the past.”
For example, Watson could much more quickly detect “twin threats”—two threats that often appear as separate threats using different names, IP addresses and patterns, but have the same origin and target. Additionally, Watson’s foreign language corpus enabled it to detect threats from foreign hackers.
The use of Watson is also helping the SOC analysts better keep pace with the continually changing threat landscape.
“We always learn in this domain,” says Vincent Laurens. “Putting so much information easily in the hands of an analyst helps them grow their knowledge base and generate a reaction so much faster. That’s one of the key benefits.”
For Sogeti, this is only the beginning.
“Cognitive is transforming cyber security as we speak,” says Vincent Laurens. “What we’re going to see in the next ten years will be even more transformative. IBM QRadar Advisor with Watson is a real breakthrough for us and for our clients.”
About Sogeti Luxembourg
A subsidiary of the Capgemini Group, Sogeti Luxembourg is a leading provider of technology and software testing in Luxembourg, offering cutting-edge solutions for testing, business intelligence and analytics, mobile, cloud and cyber security.
Take the next step
To learn more about cognitive security and IBM QRadar Advisor with Watson, visit: https://www.ibm.com/marketplace/cognitive-security-analytics
View more client stories or learn more about IBM Security