IBM QRadar Advisor Expands Knowledge of Cybercriminal Techniques
IBM Security announced new capabilities for the company's AI-based security platform, QRadar Advisor with Watson, which expand the platform's knowledge of cybercriminal behavior and allow it to learn from security response activities within an organization.
IBM Security also is embracing the open-source MITRE ATT&CK framework, a playbook to help analysts understand how an attack has evolved and what might happen next based on real-world observations from the security community. The use of AI and machine learning technologies can equip analysts with the knowledge and automation needed to help them escalate critical threats faster and more effectively.
As part of the latest release, IBM has developed new analytic and learning models that enable QRadar Advisor to identify long and slow attack patterns and adapt to the local client environment. This learning loop gets smarter with time based on additional interactions and engagement with analysts, allowing the tool to provide stronger recommendations on how to respond, as well as confidence ratings based on how incidents align with historical data.
"Standards like MITRE ATT&CK, which take advantage of the collective knowledge of the security community, are crucial to advancing the industry and helping security teams stay ahead of increasingly sophisticated threats," said Chris Meenan, Director of Security Intelligence Offering Management and Strategy, IBM Security. "Combining the ATT&CK framework of known adversary tactics with Watson for Cyber Security's ability to stay current on the latest security research, QRadar Advisor can help arm analysts of all levels with the knowledge needed to better respond to the threats they're facing."