Threat Management
We’re building the next wave of tools and methodologies to help security and operations teams detect, understand, and respond to advanced cybersecurity threats and attacks on their infrastructure and in the cloud, with automated threat detection, investigation, and deflection capabilities.
Our work
Projects
Automation and reasoning in threat management
- Tags: Threat Management
SysFlow
- Tags: Threat Management, Cloud Security, Security Analysis
Tech Preview: IBM Security Threat Investigator
Our team's work has been developed into a beta capability for the IBM Cloud Pak for Security. Threat Investigator finds cases that warrant an investigation and automatically starts investigating. It fetches artifacts that are attached to the cases, completes several rounds of data mining and then generates a timeline and MITRE ATT&CK chain graph of the incident.
Publications
- 2022: AFT 2022
- 2022: ICBC 2022
- 2021: CCS 2021
- 2021: Black Hat Europe 2021
- 2021: SDM 2021
- 2021: Big Data Research
IBM Solution: IBM QRadar Network Insights
Our innovations in real-time network traffic analysis are regularly incorporated into new capabilities for IBM QRadar Network Insights.
Tools + code
ART: Adversarial Robustness Toolbox
A Python library for machine learning security that enables developers and researchers to defend and evaluate machine learning models and applications against the adversarial threats of evasion, poisoning, extraction, and inference.
View project →
Kestrel Threat Hunting Language
The Kestrel threat hunting language provides an abstraction that lets threat hunters focus on high-value, composable threat hypothesis development instead of on the specific realization of hypothesis testing against heterogeneous data sources, threat intelligence, and public or proprietary analytics.
View project →
SysFlow
SysFlow is a system telemetry framework that enables the creation of security analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a compact open data format that lifts the representation of system activities into a flow-centric, object-relational model that reduces event fatigue and is particularly suitable for cloud-wide monitoring, stream analytics, and forensic investigation.
View project →