Paul Coccoli

Jiyong Jang

Ian Molloy

Frederico Araujo

Teryl Taylor

Marc Stoecklin

Yaron Wolfsthal

Xiaokui Shu

Release

SysFlow: Scalable system telemetry for improved security analytics

IBM’s new AI-infused security technologies help defenders speed response to cyber attacks

The thrill of cyber threat hunting with Kestrel Threat Hunting Language

Building the next wave of tools to help security teams detect and deflect against advanced cybersecurity threats.

Threat Management

IBM Solution: IBM QRadar Network Insights

Tech Preview: IBM Security Threat Investigator

Automation and Reasoning in Threat Management

A cloud-native system telemetry framework that enables the creation of security analytics on a scalable, pluggable open-source platform.

SysFlow

DSAA 2023

ICLR 2024

S&P 2024

USENIX Security 2024

SYSTOR 2024

Big Data 2023

Security

AI can help sift through the noise to identify significant patterns in the increasingly large pools of data generated by enterprises. We’re reimagining IT operations, using AI to automate core processes, better detection and diagnosis, preformance monitoring, and explainable action recommendations.

AI for IT

Even advanced AI systems can be vulnerable to adversarial attacks. We’re making tools to protect AI and certify its robustness, including quantifying the vulnerability of neural networks and designing new attacks to make better defenses. And we’re helping AI systems adhere to privacy requirements.

Adversarial Robustness and Privacy

We’re making tools to protect AI and certify its robustness, and helping AI systems adhere to privacy requirements.

We’re working on building the most secure cloud infrastructure platforms. Our research focuses on ensuring the integrity of everything in the stack, reducing the attack surface of cloud systems, and advancing the use of confidential computing and hardware security modules.

Cloud Security

Advancing the system integrity of cloud systems in mission-critical situations.

As organizations move to the hybrid cloud, they must protect sensitive data and comply with regulations that allow them to take advantage of AI. We’re designing systems to monitor and protect data, building trust in AI through robust evaluation, certification, and hardening against attacks.

Data and AI Security

Designing systems to monitor and protect sensitive data for robust and secure AI systems on the hybrid cloud.

We’re building the next wave of tools and methodologies to help security and operations teams detect, understand, and respond to advanced cybersecurity threats and attacks on their infrastructure and in the cloud, with automated threat detection, investigation, and deflection capabilities.

automation-reasoning-threat-management.png

Threat Management

Our work

IBM’s new AI-infused security technologies help defenders speed response to cyber attacks

The thrill of cyber threat hunting with Kestrel Threat Hunting Language

SysFlow: Scalable system telemetry for improved security analytics

Projects

SysFlow

Automation and Reasoning in Threat Management

Tech Preview: IBM Security Threat Investigator

Publications

WannaLaugh: A Configurable Ransomware Simulator, Learning to Mimic Malicious Storage Traces

True Attacks, Attack Attempts, or Benign Triggers? An Empirical Measurement of Network Alerts in a Security Operations Center

Automated Synthesis of Effect Graph Policies for Microservice-Aware Stateful System Call Specialization

Curiosity-driven Red-teaming for Large Language Models

Pruning Federated Learning Models for Anomaly Detection in Resource-Constrained Environments

Are GNNs the Right Tool to Mine the Blockchain? The Case of the Bitcoin Generator Scam

IBM Solution: IBM QRadar Network Insights

Related topics