An average-size organization typically generates millions of events daily, ranging from firewall incidents to intrusion prevention system alerts. These events are sent to a security information and event management (SIEM) system such as IBM's QRadar for real-time analysis of threats. These incidents include a large number of false positives. Moreover, organizations have limited man-hours and cannot afford to spend time investigating false positives. There may also be a shortage of the skill sets needed to investigate an incident effectively and in a timely manner. To overcome these challenges, IBM utilizes the artificial intelligence, machine learning and cognitive computing capabilities of QRadar Advisor with Watson. In this breakout session, we will demonstrate how QRadar Advisor facilitates security analysts in their daily tasks, talk about the underlying machine learning and cognitive infrastructure, and discuss the importance of introducing cognitive capabilities into cybersecurity education.
Moazzam Khan has been a security researcher with the Watson for Cyber Security group. His research interests include big data analytics, security intelligence and machine learning. He has authored several collections on recent threats on IBM's threat intelligence platform XFE. Prior to joining the Watson for Cyber Security group, Moazzam worked with the L3 engineering team on the GX and XGS suite of intrusion prevention systems, the Proventia M series and Enterprise Scanner. Moazzam holds a doctorate from the Georgia Institute of Technology in Electrical and Computer Engineering and teaches network communication, security and data science courses as adjunct faculty.