IBM announced on Jan. 8 that it was awarded 9,100 patents in 2018, once again topping the list for the most U.S. patents granted in a given year. A core component of IBM's patent haul in 2018 was in cyber-security innovation, with more than 1,400 granted patents.
Among the security patents granted to IBM in 2018 is one for combating voice phishing, an activity that is also referred to as "vishing." IBM was also granted a patent for optimizing security analysis in cloud software-as-a-service (SaaS) environments that can help organizations correlate malicious activities. Another interesting security patent from IBM has to do with container security, enabling improved isolation capabilities.
"What the 1,400 patents shows is that IBM is doing a big push on cyber-security and it has become a key pillar of our DNA," Marc Ph. Stoecklin, principal research scientist and manager of Cognitive Cybersecurity Intelligence at IBM Research, told eWEEK. "After all, cyber-security is going to become one of the key pain points of every organization out there."
In general, Stoecklin said that at IBM there has been a large push on infusing artificial intelligence (AI) capabilities into cyber-security efforts. He noted that where a large portion of IBM's cyber-security patents are to be found is in ways that AI can be used to improve outcomes, such as better detection of advanced threats. IBM is also using AI to create virtual advisers that help security teams do a better job and respond to cyber-threats in an orchestrated approach.
The vishing patent is formally designated as US Patent #10,068,575 and is titled "Cognitive Security against Voice Phishing Activity." IBM's patent description explains that in a vishing attack, hackers use a voice-over-IP (VoIP) system to mask their caller identity in an attempt to trick victims. IBM has patented a question and answer system that could monitor and analyze a voice conversation between two parties to identify attempts by one party to deceive the other.
"This patent is about analyzing a conversation and trying to find out whether some personal information is trying to be extracted," Stoecklin said.
Improving security analysis is another core area of innovation for IBM with US Patent #10,084,804, which is titled "Optimizing Security Analysis in SaaS." The patent is about helping security teams enrich information from observed incidents in their Qradar SIEM (Security Information and Event Management) systems, according to Stoecklin. The enrichment innovation includes the ability to correlate threat data and other collected data to help infer the possibility of malicious activity.
"It is a very interesting patent which touches on a lot of technical aspects, including connecting dots and basically bridging knowledge gaps," he said. "This patent was a major breakthrough in helping security teams get faster responses and non-intuitive connections to information for security events they see and immediately know if there is anything else out there that they should be aware of."
In 2018, IBM was also granted a patent that could help improve container security. US Patent #9,886,303 defines an innovation for a specialized type of virtualization control.
According to IBM, the patent takes a lightweight approach to improving isolation and security between a cloud application and its host, while also reducing provisioning times and improving performance. The innovation described in the patent could enable organizations to more easily move data and applications securely across both on-premises and cloud environments.
Looking forward, Stoecklin said that his team has been working on innovation research related to cyber-security deception technologies, with multiple patent filings pending.
"We are rethinking the traditional approach of how security is being done today, with most organizations having a default deny strategy to block whatever you know you don't want to have on your network," he said. "But that is a huge risk on the defender because you have to know what you don't want."
With deception, the general idea is to let everyone in by default, and then place traps and decoys everywhere as an early warning system to detect malicious activity.
"We're putting in quite a bit of innovation at the moment into different types of cyber deceptive systems which help us to move risk from the defenders to the attackers," Stoecklin said. "It's a number of patents we're working on, we have already filed them, and they're using AI to start orchestrating some of these deceptive responses on different levels."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.