We’re building the next wave of tools and methodologies to help security and operations teams detect, understand, and respond to advanced cybersecurity threats and attacks on their infrastructure and in the cloud, with automated threat detection, investigation, and deflection capabilities.
Tools + code
ART: Adversarial Robustness Toolbox
A Python library for machine learning security that enables developers and researchers to defend and evaluate machine learning models and applications against the adversarial threats of evasion, poisoning, extraction, and inference.
View project →
Kestrel Threat Hunting Language
Kestrel threat hunting language provides an abstraction for threat hunters to focus on the high-value and composable threat hypothesis development instead of specific realization of hypothesis testing with heterogeneous data sources, threat intelligence, and public or proprietary analytics.
View project →
SysFlow
SysFlow is a system telemetry framework that enables the creation of security analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a compact open data format that lifts the representation of system activities into a flow-centric, object-relational model that reduces event fatigue and is particularly suitable for cloud-wide monitoring, stream analytics, and forensic investigation.
View project →
Our team's work has been developed into a beta capability for IBM Cloud Pak for Security. Threat Investigator finds cases that warrant an investigation and automatically starts investigating. It fetches the artifacts attached to the cases, completes several rounds of data mining, and then generates a timeline and a MITRE ATT&CK chain graph of the incident.
- CCS 2021
- Big Data Research
- FloCon 2021
- HICSS 2021
- Big Data 2020
- ESEC/FSE 2020
Our innovations in real-time network traffic analysis are regularly incorporated into new capabilities for IBM QRadar Network Insights.