IBM Patent Could Automate Cybersecurity Defenses

AI has made threat actors stronger, but it’s also enabling cybersecurity teams to build sturdier defenses.

That’s something IBM might be tackling: The company is seeking to patent “cybersecurity incident investigation automation,” relying on machine learning models to automate the way cybersecurity teams respond to and investigate potential cyber threats.

The proposed system would allow a machine learning model to study under a security analyst using tools that let the analyst triage and determine how to handle security threats, while the analyst narrates what they are doing and why, according to the patent application. 

First, the machine-learning model detects suspicious activity or identifies a hacking attempt, then categorizes the threat as a phishing attempt, malware or unauthorized access, for example.

It records what systems were affected and any other relevant data as it judges the severity of the threat and the situation at hand. Then, the model passes a recommendation to a human member of the cybersecurity team such as blocking an IP address or isolating a device. The member responds to that advice, then lets the AI complete the action. 

IBM’s patent isn’t the first time we’ve seen tech firms meld AI with their cybersecurity strategies. Wells Fargo has sought to patent AI-powered deepfake detection tech, Booz Allen Hamilton filed a patent for tech that finds and fixes software vulnerabilities and a recent Microsoft patent weeds out false alarms of attacks on cloud environments.

With cyber threats posing an immediate, ever-present threat, this system would allow teams to respond quickly and efficiently to potential issues with a mixture of automation and human input.