Business challenge

Security professionals are drowning in a sea of information because of the exponential increase in threat data. Sogeti sought a way to help its analysts more rapidly analyze potential threats.

Transformation

Sogeti extended its IBM QRadar platform using cognitive security from IBM Watson® to gain deeper intelligence, greater speed and improved accuracy in detecting and responding to threats.

Results

Reduced threat investigation and root cause determination from 3 hours to 3 minutes

Strengthened security posture for a large Benelux insurer

Rapidly identified threats from foreign threat actors through translation capability

Business challenge story

Staying ahead of cybercriminals

Vincent Laurens, vice president and cyber security practice executive for Sogeti Luxembourg, calls security data analysts the next rock stars in the cyber security world, and for good reason.


With the volume of threat data growing at such dramatic rates, even the most skilled security professionals are drowning in a sea of information. Unstructured data in threat feeds, security blogs, forums, websites and bulletins is rapidly expanding, and it takes time for security experts to sift through and analyze the data.

“To be the most efficient, we need to be two or three steps ahead of the bad guys,” says Vincent Laurens. “That means getting answers from all the data in minutes instead of hours. Cognitive computing is a breakthrough. With IBM Watson, our analysts can think faster, judge more accurately and employ the best tactics.”

“Using Watson, our analysts are able to do things 50 percent faster than those without the Watson solution.”

—Vincent Laurens, Cyber Security Practice Executive, Vice President, Sogeti Luxembourg

Transformation story

Empowering SOC analysts with cognitive security

Several years ago, Sogeti Luxembourg and IBM developed an alliance in the Luxembourg marketplace to provide companies with a security operations center (SOC) that could help uncover advanced persistent threats. In this joint IBM-Sogeti SOC, IBM Security Services staff work alongside Sogeti personnel to help protect organizations from threats.

“By bringing together top-notch expertise from Sogeti and IBM, along with superior innovation, we are helping our clients improve and fortify their cyber security,” says Vincent Laurens.

IBM® QRadar® Security Intelligence Platform is used to provide advanced sense analytics to help the SOC analysts rapidly detect threats, identify vulnerabilities and prioritize risks. The platform manages on average 10,000 events per second per client and 50,000 flows per minute per client, with larger clients seeing substantially higher volumes.

“One of QRadar’s differentiators is that it enables us to create business context use cases,” explains Vincent Laurens. “For example, an insurer we work with was concerned hackers were performing quote requests against their online quoting apps to change their pricing model. Using QRadar, we can easily build a use case to detect this type of activity.”


To gain even greater intelligence, speed and accuracy in detecting threats, Sogeti participated in the IBM QRadar Advisor with Watson beta test program.

The IBM QRadar Advisor with Watson harnesses the power of Watson for Cyber Security while investigating offenses and incidents in the QRadar SIEM system. Watson for Cyber Security uses core IBM Watson® technology to understand, reason and learn about security topics and threats. It harvests volumes of structured and unstructured security knowledge, which has been elusive to SOC analysts, so they can respond to threats more rapidly and with greater confidence.

Instead of conducting the beta in a test environment, Sogeti worked with one of its large insurance clients to test the platform in a real-world environment. The organization split the SOC team serving the client into two groups to accurately measure the benefit. One group served as the control group, while the second benefitted from the power of cognitive security to help connect the information more rapidly.

“Every time we saw an offense, the second team could push the offense to Watson to gain more context, and Watson delivered top-notch results,” says Vincent Laurens.

The benefit was so obvious that analysts who weren’t part of the beta began asking how they could participate.

The power of cognitive security lies in the speed and accuracy with which information is curated and disseminated to the analyst. As the IBM-Sogeti SOC team fed more information into Watson’s corpus of knowledge, Watson’s analysis became more precise.

“Our experience has been great,” says Vincent Laurens. “I was pleased with how smoothly the process went, and our analysts were amazed by the contents of the Watson corpus. We’ve managed to gain everything we’ve wanted on day one, and we can evolve it on a day-to-day basis.”

Results story

Accelerating analysis by 50 percent

According to Vincent Laurens, the use of cognitive security with Watson has provided a “breakthrough” for both Sogeti and its customers, dramatically accelerating threat detection and response.

The SOC analysts that used the cognitive security capabilities were more productive and could more accurately identify false positives—a critical step to reduce the “noise” SOC analysts must sift through to identify threats.

“We were able to accelerate the analysis process by 50 percent,” says Vincent Laurens. “Our analysts were surprised. They could obtain answers in as little as two to three minutes, whereas the same result would have taken them two to three hours in the past.”

For example, Watson could much more quickly detect “twin threats”—two threats that appear to be separate, using different names, IP addresses and patterns, but that share the same origin and target. Additionally, Watson’s foreign language corpus enabled it to detect threats from foreign hackers.

The use of Watson is also helping the SOC analysts better keep pace with the continually changing threat landscape.

“We always learn in this domain,” says Vincent Laurens. “Putting so much information easily in the hands of an analyst helps them grow their knowledge base and generate a reaction so much faster. That’s one of the key benefits.”

For Sogeti, this is only the beginning.

“Cognitive is transforming cyber security as we speak,” says Vincent Laurens. “What we’re going to see in the next ten years will be even more transformative. IBM QRadar Advisor with Watson is a real breakthrough for us and for our clients.”


Sogeti Luxembourg

A subsidiary of the Capgemini Group, Sogeti Luxembourg is a leading provider of technology and software testing in Luxembourg, offering cutting-edge solutions for testing, business intelligence and analytics, mobile, cloud and cyber security.