IBM Launches Generative AI Capabilities for Threat Detection and Response Services

© Miguel Medina

IBM (NYSE: IBM) has announced the launch of generative AI capabilities for its managed Threat Detection and Response Services, which are used by IBM Consulting analysts to enhance and streamline security operations for clients. The new IBM Consulting Cybersecurity Assistant, built on IBM’s watsonx data and AI platform, is intended to expedite and enhance the identification, investigation, and response to critical security threats.

Apart from being integrated into IBM Consulting’s threat detection and response practice, the Cybersecurity Assistant will also be part of IBM Consulting Advantage, the AI services platform that includes purpose-built AI assets. These assets are designed to empower IBM consultants to deliver value to clients consistently, repeatedly, quickly, and with high quality.

“As cyber incidents evolve from immediate crises to multi-dimensional and months-long events, security teams are facing the enduring challenge of too many attacks and not enough time or people to defend against them,” said Mark Hughes, Global Managing Partner of Cybersecurity Services, IBM Consulting. “By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients.”

IBM’s Threat Detection and Response (TDR) Services can automatically escalate or close up to 85% of alerts; and now, by bringing together existing AI and automation capabilities with the new generative AI technologies, IBM’s global security analysts can speed the investigation of the remaining alerts requiring action. Specifically, the new capabilities helped reduce alert investigation times by 48% for one client. The new Cybersecurity Assistant delivers the following:

Accelerate threat investigations and remediation with historical correlation analysis

The Cybersecurity Assistant is designed to help speed up complex threat investigations via historical correlation analysis of similar threats. Built into IBM’s TDR Services, the new capability cross-correlates alerts and enhances insights from SIEM, network, EDR, vulnerability and telemetry to provide a holistic and integrative threat management approach.

Through the analysis of historical patterns of client-specific threat activity, security analysts will be better equipped to be proactive and precise. They will have access to a timeline view of attack sequences, which will aid in understanding critical threats and provide context to investigations. The assistant will also provide auto-recommended actions based on historical patterns of analyzed activity and pre-set confidence levels, thereby reducing response times for clients and minimizing attackers’ dwell time. As the Cybersecurity Assistant continues to learn from investigations, its speed and accuracy are expected to improve over time.

Streamlined operational tasks with an advanced conversational engine

The Cybersecurity Assistant has a generative AI conversational engine that offers real-time insights and support on operational tasks to both clients and IBM security analysts. Along with responding to requests like opening or summarizing tickets, the conversational feature can automatically trigger relevant actions, such as running queries, pulling logs, explaining commands, or enriching threat intelligence. By clarifying complex security events and commands, the TDR Service can help reduce noise and improve overall SOC efficiency for clients.

“With IBM’s advancements to its managed security services, businesses can gain a new level of insight into critical threats and benefit from technology that continuously learns from actions taken within their specific environment. This helps drive a cycle of increasingly accurate and rapid threat investigations, which is especially crucial today as businesses face a shortage of security resources and surplus in security risks and vulnerabilities,” said Craig Robinson, a Research Vice President for IDC’s Security Services Research Practice.

The new IBM Consulting Cybersecurity Assistant was created in partnership with IBM Research. It utilizes IBM’s powerful generative AI capabilities, which are based on the company’s Granite foundation models. These capabilities have been optimized for production within IBM watsonx.ai and leverage IBM watsonx Assistant for the conversational chat interface.