IBM added generative AI capabilities to its managed threat detection and response services.

IBM is adding generative AI capabilities to its managed threat detection and response services in an effort to streamline the identification of, and response to, enterprise security exposures. Big Blue said its AI-based Cybersecurity Assistant will help its global consulting analysts respond more quickly to security alerts. The new capabilities reduced alert investigation times by 48% for one client, according to IBM.

The Cybersecurity Assistant works by analyzing patterns of historical, client-specific threat activity, and it helps security analysts better comprehend critical threats via a timeline view of attack sequences. Threat detection and response (TDR) platforms typically gather information from customers’ enterprise environments, such as servers, endpoints and other devices, and IBM’s TDR services integrate information from IBM X-Force’s global network of sensors and intelligence analysis.

The assistant will also recommend actions based on the historical patterns of analyzed activity and pre-set confidence levels, which can help to speed response times for clients and reduce attackers’ time to infiltrate a system. The Cybersecurity Assistant will continue to learn from investigations, which will further boost speed and accuracy going forward, according to IBM.

The idea is to help enterprise customers get a handle on the myriad vulnerabilities, alerts and security tools they have to deal with on a daily basis. By using AI and other analytics capabilities, IBM’s managed TDR services can automate away the noise and let IT teams focus on escalating critical threats to the business, IBM stated.

“By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients,” said Mark Hughes, global managing partner of cybersecurity services with IBM Consulting, in a statement.

The managed TDR service is offered by IBM Consulting and includes 24×7 monitoring, investigation, and automated remediation of security alerts from existing security tools as well as cloud, on-premises, and operational technology systems using the enterprise network. The services can integrate information from more than 15 security information and event management (SIEM) tools and multiple third-party endpoint and network detection and response packages, for example.

IBM’s MDR services compete in a broad market that includes similar services from Arctic Wolf, eSentire, CrowdStrike, Fortinet, Mandiant, Red Canary and others.