Threat Management
We’re building the next wave of tools and methodologies to help security and operations teams detect, understand, and respond to advanced cybersecurity threats and attacks on their infrastructure and in the cloud, with automated threat detection, investigation, and deflection capabilities.
Our work
IBM’s new AI-infused security technologies help defenders speed response to cyber attacks
Release · Ian Molloy, Marc Stoecklin, and Yaron Wolfsthal · 8 minute read · AI, Security, Threat Management
The thrill of cyber threat hunting with Kestrel Threat Hunting Language
Release · Xiaokui Shu, Paul Coccoli, Jiyong Jang, and Ian Molloy · 7 minute read · Security, Threat Management
SysFlow: Scalable system telemetry for improved security analytics
Release · Frederico Araujo and Teryl Taylor · 5 minute read · Security, Threat Management
Projects
SysFlow
Tech Preview: IBM Security Threat Investigator
Our team's work has been developed into a beta capability for the IBM Cloud Pak for Security. Threat Investigator finds cases that warrant an investigation and automatically starts investigating. It fetches artifacts that are attached to the cases, completes several rounds of data mining and then generates a timeline and MITRE ATT&CK chain graph of the incident.
Publications
- Naorin Hossain, Alper Buyuktosunoglu, et al. 2023. DAC 2023
- Nathalie Baracaldo Angel, Farhan Ahmed, et al. 2023. S&P 2023
- Xu Lin, Fred Araujo, et al. 2023. S&P 2023
- 2023. OSSNA 2023
- 2022. AFT 2022
- Bishakh Chandra Ghosh, Dhinakaran Vinayagamurthy, et al. 2022. ICBC 2022
IBM Solution: IBM QRadar Network Insights
Our innovations in real-time network traffic analysis are regularly incorporated into new capabilities for IBM QRadar Network Insights.
Tools + code
ART: Adversarial Robustness Toolbox
A Python library for machine learning security that enables developers and researchers to defend and evaluate machine learning models and applications against the adversarial threats of evasion, poisoning, extraction, and inference.
View project →
Kestrel Threat Hunting Language
The Kestrel threat hunting language provides an abstraction that lets threat hunters focus on high-value, composable threat hypothesis development instead of the specific realization of hypothesis testing against heterogeneous data sources, threat intelligence, and public or proprietary analytics.
View project →
SysFlow
SysFlow is a system telemetry framework that enables the creation of security analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a compact open data format that lifts the representation of system activities into a flow-centric, object-relational model that reduces event fatigue and is particularly suitable for cloud-wide monitoring, stream analytics, and forensic investigation.
View project →