New WatsonX-powered advancements enable IBM Consulting security analysts to help clients accelerate alert investigations
August 5, 2024
ARMONK, NY, August 5, 2024 /PRNewswire/ — IBM (NYSE: IBM) today announced the introduction of generative AI capabilities into its Managed Threat Detection and Response Services IBM Consulting analysts are using this new software to improve and streamline clients’ security operations. Powered by IBM’s Watsonx data and AI platform, IBM Consulting’s new Cybersecurity Assistant is designed to accelerate and improve the identification, investigation and response to critical security threats.
In addition to being included in IBM Consulting’s Threat Detection and Response practice, the Cybersecurity Assistant will be part of IBM Consulting Advantagethe AI services platform with purpose-built AI assets to enable IBM consultants to deliver value to clients with consistency, repeatability, quality and speed.
“As cyber incidents evolve from immediate crises to multi-dimensional, months-long events, security teams face the ongoing challenge of too many attacks and not enough time or personnel to defend against them,” said Mark HughesGlobal Managing Partner of Cybersecurity Services, IBM Consulting. “By enhancing our threat detection and response services with generative AI, we can reduce manual investigation and operational tasks for security analysts, enabling them to respond more proactively and accurately to critical threats, and helping to improve clients’ overall security posture.”
IBM Threat Detection and Response (TDR) Services can automatically escalate or close up to 85% of alerts1; and now, by combining existing AI and automation capabilities with new generative AI technologies, IBM’s global security analysts can accelerate the investigation of remaining alerts requiring action. Specifically, the new capabilities reduced alert investigation times by 48% for one client. The new cybersecurity assistant delivers:
Accelerate threat investigations and remediation with historical correlation analysis
The Cybersecurity Assistant is designed to accelerate complex threat investigations through historical correlation analysis of similar threats. Integrated with IBM TDR Services, the new capability correlates alerts and improves information from SIEMnetwork, EDRvulnerability and telemetry to provide a holistic and integrative approach to threat management.
By analyzing historical and customer-specific threat activity patterns, security analysts will be equipped to be more proactive and accurate. To help them better understand critical threats, analysts will have access to a timeline view of attack sequences, helping them better understand the problem and provide more context to investigations. The assistant will also automatically recommend actions based on analyzed historical activity patterns and predefined confidence levels, speeding up customer response times and helping reduce attacker wait time. With the ability to continuously learn from investigations, the speed and accuracy of the cybersecurity assistant should improve over time.
Streamlined operational tasks with an advanced conversational engine
The Cybersecurity Assistant features a generative AI conversational engine that provides real-time insights and assistance on operational tasks to clients and IBM security analysts. In addition to responding to requests such as opening or summarizing tickets, the conversational feature can automatically trigger relevant actions, including running queries, extracting logs, explaining commands, or enriching threat intelligence. By explaining complex security events and commands, the Cybersecurity Assistant features a generative AI conversational engine that provides real-time insights and assistance on operational tasks to clients and IBM security analysts. TDR The service can help reduce noise and improve overall quality SOC efficiency for customers.
“IBM’s advancements in managed security services give organizations a new level of insight into critical threats and technology that continuously learns from the actions taken in their specific environment. This helps drive an increasingly accurate and rapid threat investigation cycle, which is especially critical today as organizations face a shortage of security resources and an excess of security risks and vulnerabilities,” said Craig Robinson, research vice president, Security Services Research Group, IDC.
Built in collaboration with IBM Research, the new IBM Consulting Cybersecurity Assistant leverages IBM’s broader generative AI capabilities, built on the company’s Granite core models, refined for production in IBM watsonx.ai and leveraging IBM watsonx Assistant for the conversational chat interface.
Additional sources
- Visit here for more information about IBM TDR services
- To inform about a free threat management workshop
- Join our webinar“Leveraging Security AI and Automation to Mitigate the Impact of Data Breaches,” on Tuesday September 17 has 11:00 AM ET
About IBM
IBM is a leading global provider of hybrid cloud and artificial intelligence services and consulting expertise. We help clients in more than 175 countries unlock insights from their data, streamline business processes, reduce costs, and gain a competitive advantage in their industries. More than 4,000 government and private sector entities in critical infrastructure areas such as financial services, telecommunications, and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to achieve digital transformation quickly, efficiently, and securely. IBM’s breakthrough innovations in artificial intelligence, quantum computing, industry cloud solutions, and consulting provide open and flexible options for our clients. All of this is underpinned by IBM’s longstanding commitment to trust, transparency, accountability, inclusion, and service.
1 Based on IBM internal analysis of aggregated performance data observed across engagements with over 340 clients as of July 2023. Up to 85% of alerts were handled automated rather than through human intervention, using AI capabilities within IBM’s Threat Detection and Response service. Actual results will vary based on client configurations and conditions and, therefore, generally expected results may not be provided.
Media contact:
Joel Rushing
Joel.Rushing@ibm.com
SOURCE IBM