QRadar Advisor with Watson 2.0: The Next Evolution of the AI-Powered Security Platform

Key Features

Align attacks to the MITRE ATT&CK chain

Using the confidence level assigned to each stage of the attack progression, analysts can validate the threat, visualize how the attack has occurred and is progressing, and uncover which tactics could still follow.

Analyst learning loop for a more decisive escalation process

Through analysis of the local environment, QRadar Advisor recommends which new investigations should be escalated to assist the analyst with driving quicker and more decisive escalations.

Enhanced Watson feedback using external threat intel feeds

Apply cognitive reasoning to identify the likely threat and to draw relationships among the threat entities related to the original incident, such as malicious files, suspicious IP addresses, and rogue entities. Automatically tap into Watson for Cyber Security to apply external unstructured data, including threat intelligence feeds, websites, forums, and more.

Perform cross-investigation analytics

QRadar Advisor automatically links investigations through connected incidents, reducing duplicated effort and extending the investigation beyond the current probable incident and alert.

Priority list of investigations with the greatest risk

Identify the investigations with the greatest risk, run multiple investigations at the same time, and sort and filter the data to quickly understand where you should focus your attention.

Proactive tuning of your environment for better security

Determine whether your environment needs additional tuning when multiple duplicate investigations are triggered by the same events.

Customer case studies

Ronan Murphy, CEO Smarttech, talks Watson for Cyber Security

Smarttech

Cargills Bank - pioneering the use of cognitive security

How customers use it

  • Quickly gather insights

    Problem

    Accelerating analysis and freeing up analysts' time.

    Solution

Automatically investigate indicators of compromise and suspicious behaviors. Quickly gather insights by correlating millions of external sources against local data, freeing analysts to focus on the more complex parts of the response cycle.

  • Cognitive reasoning

    Problem

    Visualizing the scope and severity of a threat.

    Solution

    Apply cognitive reasoning to build relationships among discovered threat entities and get visibility into higher priority risks.

  • Faster response – now and in the future

    Problem

Possibly missing incidents due to false positives, false negatives, or a lack of automation.

    Solution

Use actionable information to decide on remediation. Avoid missing related incidents in the future by automatically adding discovered threat indicators to watch lists.

  • Focus on true positives

    Problem

    Determining how prevalent active threats are, and if they are related.

    Solution

Easily see whether network events or flow communications related to a threat got through, or whether the traffic was blocked by your existing network defenses. Focus efforts on active threats.

Technical details

Software requirements

To install and run QRadar Advisor with Watson, you will need to have the following setup in your environment:

  • IBM QRadar version 7.2.8 or higher
  • Local and remote security monitoring
  • Internet access for the QRadar Console

Hardware requirements

There are no additional hardware requirements for IBM QRadar Advisor with Watson.

You may also be interested in

IBM QRadar SIEM

Protects assets and information from threats using contextual insights.

IBM QRadar on Cloud

Provides a SaaS version of QRadar SIEM, hosted in the IBM Cloud.

IBM QRadar User Behavior Analytics

Analyzes user activity to detect insider threats.

IBM Resilient Security Orchestration, Automation and Response (SOAR)

IBM Resilient Security Orchestration, Automation and Response (SOAR) Platform is the leading platform for orchestrating and automating incident response processes. IBM Resilient SOAR Platform quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats. The latest innovation to IBM Resilient SOAR Platform, Dynamic Playbooks, provides the agility, intelligence, and sophistication needed to contend with complex attacks.