Dr. Marc Ph. Stoecklin is a Principal RSM and the Manager of the Cognitive Cybersecurity Intelligence group in the Security Research department at the IBM T.J. Watson Research Center in Yorktown Heights, NY. He leads the Cognitive Security activities at IBM Research with a particular focus on advanced threat detection, security and threat intelligence analysis, big data analytics using machine learning and data mining methods, malware analysis, cyber deception/active defense, as well as security data visualization.
Marc is leading the research efforts behind IBM's Watson for Cyber Security and QRadar Advisor with Watson and is an inventor of the methodologies and algorithms enabling the offering. He is leading and working on several client engagements to validate and operationalize advanced cognitive security analytics and threat intelligence research in real-world environments (including methodologies to detect stealthy and sophisticated beaconing behavior patterns of malware in corporate-scale networks).
Marc holds a PhD (Dr. ès sc.) degree in Computer, Communication and Information Sciences and an MSc degree in Communication Systems with specialization in "Information and Communication Security", both from École Polytechnique Fédérale de Lausanne (EPFL). In his PhD thesis, he developed novel unsupervised methods to detect and diagnose behavior-based anomalies on the network flow level.
In 2006, Marc joined IBM Research as a research scientist on the AURORA project. In this project, he contributed to the design and development of a flow-based network traffic monitoring system, which was commercialized by IBM Tivoli in 2009. In parallel, he developed several behavior-based anomaly detection components for the AURORA traffic monitoring system. In 2011, Marc joined the Global Security Analysis Lab (GSAL) at the IBM T.J. Watson Research Center in Hawthorne, NY, where he participated in the development of the IBM Cyber Security Analytics and Intelligence research platform. In 2012, Marc became a Research Staff Member of the Cloud and Security Group in the Industry & Cloud Solutions department at IBM Research – Zurich, where he continued to deepen his focus on Cyber Security Analytics on the network level, both in traditional IT and industrial control systems (ICS) networks.
His research interests include network security analytics, big data analytics and mining, machine learning, behavior analysis, traffic monitoring, graph analytics, web-based UI technologies, and data visualization.