Incident Response Challenge: Knowing What to Prioritize
IBM's Mike Spradbery on Triage, Machine Learning, Tennis
Much of the push to bring artificial intelligence tactics, often better known as machine learning, to bear in information security has been to help security experts know where to focus and to glean this information much more quickly.
"The quicker you can detect and respond to an incident, the more you're likely to be able to contain and minimize the risk associated with it," says Mike Spradbery, IBM's security technical leader for the U.K. and Ireland.
But today's security operations center analysts often face a deluge of security alerts, making it difficult to know where to start.
"We tend to find in security operations centers that analysts are either overworked or they have got so many different offenses to investigate that even triaging to get to the most important ones is very difficult," he says. "So inevitably, they can't investigate everything they probably should do."
In a video interview at the recent Infosecurity Europe conference in London, Spradbery discusses:
- How IBM's Watson for Cybersecurity program helps analysts investigate security incidents;
- How IBM continues to help secure the Wimbledon tennis championships;
- The impact of the EU's General Data Protection Regulation on incident response.
At IBM, Spradbery manages a diverse team of technical specialists who work with clients across all industries. During the past 20 years, he has worked with security, mobile, social and web experience technologies in a variety of business leadership, sales and technical roles.