The News: IBM adds generative AI capabilities to its managed Threat Detection and Response Services, in order to help IBM Consulting analysts accelerate and improve their ability to identify, investigate, and respond to critical security threats for clients.
See the press release on IBM’s website for more details.
IBM Boosts Security Analyst Efficiency with Generative AI Assistant
Analyst Take: Security teams face the challenge of keeping pace with evolving and ever-more sophisticated threat vectors. Attackers have always been innovative, and now they have access to AI to help craft increasingly difficult-to-detect, multi-layered attacks. At the same time, the potential threat landscape is more vast and diverse than before. Simply put, the Security Operations Center (SOC) faces unprecedented pressures and challenges, rendering the ability to enhance the efficiency and effectiveness of threat detection and response (TDR) services a critical necessity.
In fact, The Futurum Group’s Cybersecurity Decision Maker IQ data indicates that for Security Information and Event Management (SIEM) decision makers considering switching vendors, the main motivation is the need to meet evolving security needs (e.g., increased data volume, new cloud and mobile data sources, keeping pace with the latest threats). We also found that Extended Detection and Response (XDR) decision makers considering new vendors are most interested in expanding threat detection capabilities, for example, adding advanced threat hunting.
For its part, IBM has built the new IBM Consulting Cybersecurity Assistant Built on its watsonx data and AI platform, introducing generative AI capabilities to its managed TDR offering. The new offering will automate tasks, provide real-time insights, and streamline security operations for analysts.
The AI will automatically enrich threat intelligence data, providing a richer context for better decision-making. At the same time, the automation will boost efficiency and speed time to detection and response. This will serve to reduce “noise” and false positives within the TDR workflow. The assistant’s ability to explain commands is particularly valuable, as it fosters deeper understanding among analysts and promotes collaboration between humans and AI. This is all notable because, traditionally, TDR teams are bogged down by a deluge of alerts, requiring manual investigation to identify and prioritize real threats. This time-consuming process can leave critical vulnerabilities exposed.
Specifically, IBM’s new AI assistant automates:
- Ticket Management, including responding to routine requests such as opening or summarizing tickets, freeing analysts to focus on complex issues.
- Data Retrieval, including executing queries, pulling logs, and explaining commands, reducing the time analysts spend gathering information.
This announcement highlights a growing trend within the cybersecurity industry: the strategic integration of AI to help speed up complex threat investigations via historical correlation analysis of similar threats. Analyzing patterns of historical, client-specific threat activity equips security analysts to be more proactive and precise – empowering, rather than replacing, them.
Specifically, IBM’s new tool, built into IBM’s TDR Services, cross-correlates data from SIEM, network, EDR, vulnerability, and telemetry for comprehensive visibility. It built in collaboration with, and as a result taps the expertise in generative AI of, the IBM Research team.
It is relevant that IBM is in the process of selling its QRadar SIEM platform to Palo Alto Networks, in a deal that is slated to close later in 2024. As a part of the deal, IBM’s consulting practice is going to be trained on Palo Alto Networks’ modern Cortex Extended Security Intelligence and Automation (XSIAM) platform. The Futurum Group anticipates that, especially as IBM moves away from offering its own SIEM product, it will increase support for third-party SOC tools, opening up new opportunities for its security consulting team and enhancing potential value for clients. What remains to be seen is the impact of the slated move of the IBM Security X-Force Threat Intelligence team to Palo Alto Networks as a part of the deal.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Krista Gets Married and Outages, Outages and more Outages – Infrastructure Matters, Episode 49
Palo Alto Networks Acquires IBM QRadar, Enhancing AI Security
IBM Reports Q2 2024 Financial Results: Key Insights and Performance Review
Author Information
With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
