
IBM Security is extending the capabilities of QRadar Advisor with Watson with the MITRE framework. The machine learning system will help detect cyber attacks and learn from the security responses within an organization.

The AI platform will work with the open-source MITRE ATT&CK knowledge base, an archive of information about real cyber attacks, techniques and exploits that have been abused to circumvent business security measures. The overview also covers a wide range of other information, from HTTP attacks to Dynamic Data Exchange, which parts have been hacked, the consequences of an infection and what security teams can expect in the future.

Learning loops

IBM has equipped the latest version of QRadar Advisor with what it calls self-learning loops. These are new analytical models and algorithms that enable QRadar Advisor to recognize more attack patterns. This knowledge can then be adapted to the local environment. In addition, a system has been added that gives users an indication of how likely it is that an incident is similar to previous incidents.

According to Chris Meenan, Director of Security Intelligence Offering Management and Strategy at IBM Security, standards like MITRE ATT&CK are crucial to improving the security of networks and devices. Attackers have increasingly sophisticated techniques, and in order to stay one step ahead of them, the defense must be the best possible. QRadar Advisor can provide analysts at all levels with the knowledge they need to better respond to the threats they face.

Recommend actions

QRadar Advisor with Watson uses MITRE ATT&CK to take that knowledge one step further. QRadar Advisor provides a representation of how an attack can proceed, and IBM wants to use this objective data to actually recommend a number of actions.

For example, in the case of a malware infection, QRadar Advisor could indicate which parts of a network are likely to be infected and which information has been stolen. These additional insights from QRadar Advisor can increase the skills of analysts and help them see the full extent of an attack.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.