Posted on Leave a comment

IBM introduces new generative AI assistant for cybersecurity threat detection and response.

IBM logo

IBM announced today the addition of generative AI capabilities to its managed Threat Detection and Response Services. These enhancements, used by IBM Consulting analysts, aim to streamline and advance security operations for clients. Leveraging IBM’s watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is built to speed up and enhance the identification, investigation, and response to critical security threats.

The Cybersecurity Assistant will be included in IBM Consulting’s threat detection and response practice and will also be part of IBM Consulting Advantage. This AI services platform, featuring purpose-built AI assets, is designed to help IBM consultants consistently deliver value for clients with repeatability, quality, and speed.

“As cyber incidents evolve from immediate crises to multi-dimensional and months-long events, security teams are facing the enduring challenge of too many attacks and not enough time or people to defend against them,” said Mark Hughes, Global Managing Partner of Cybersecurity Services, IBM Consulting. “By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients.”

IBM’s Threat Detection and Response (TDR) Services can automatically escalate or close up to 85% of alerts. By integrating existing AI and automation capabilities with new generative AI technologies, IBM’s global security analysts can now expedite the investigation of the remaining alerts that require action. For instance, these new capabilities reduced alert investigation times by 48% for one client. The new Cybersecurity Assistant offers the following benefits:

Accelerate threat investigations and remediation with historical correlation analysis

The Cybersecurity Assistant speeds up complex threat investigations through historical correlation analysis of similar threats. Integrated into IBM’s TDR Services, this capability cross-correlates alerts and enhances insights from SIEM, network, EDR, vulnerability, and telemetry data, providing a comprehensive threat management approach.

By analyzing patterns of client-specific threat activity, security analysts can be more proactive and precise. They will have access to a timeline view of attack sequences, helping them better understand critical threats and provide more context to investigations. The assistant also auto-recommends actions based on historical patterns and pre-set confidence levels, speeding response times and reducing attackers’ dwell time. With continuous learning from investigations, the Cybersecurity Assistant’s speed and accuracy will improve over time.

Streamlined operational tasks with an advanced conversational engine

The Cybersecurity Assistant includes a generative AI conversational engine that offers real-time insights and support on operational tasks to both clients and IBM security analysts. It can respond to requests like opening or summarizing tickets and automatically trigger relevant actions, such as running queries, pulling logs, explaining commands, or enriching threat intelligence. By clarifying complex security events and commands, the TDR Service helps reduce noise and enhance overall SOC efficiency for clients.

“With IBM’s advancements to its managed security services, businesses can gain deeper insights into critical threats and benefit from technology that continuously learns from actions taken within their specific environment. This drives increasingly accurate and rapid threat investigations, which is especially crucial today as businesses face a shortage of security resources and an abundance of security risks and vulnerabilities,” said Craig Robinson, Research Vice President for IDC’s Security Services Research Practice.

Developed in collaboration with IBM Research, the new IBM Consulting Cybersecurity Assistant leverages IBM’s broader generative AI capabilities – built on the Granite foundation models, refined for production within IBM watsonx.ai, and utilizing IBM watsonx Assistant for the conversational chat interface.

Geeks talk back