New threat detection and response services from IBM leverage AI models that learn from real-world client data and are engineered to automatically close low priority and false positive alerts based on enterprise-defined parameters. Credit: Thinkstock IBM is rolling out AI-based managed services that promise to help network and security operations teams more quickly and effectively respond to enterprise cyber threats. Managed by the IBM Consulting group, the Threat Detection and Response (TDR) Services offering promises 24×7 monitoring, investigation, and automated remediation of security alerts from existing security tools as well as cloud, on-premises, and operational technology systems utilizing the enterprise network. The services can integrate information from more than 15 security event and incident management (SIEM) tools and multiple third-party endpoint and network detection and response packages, for example. The idea is to help enterprise customers get a handle on the myriad vulnerabilities, alerts and security tools they have to deal with on a daily basis. By using AI and other analytics capabilities, the new managed services can automate away the noise and let IT teams focus on escalating critical threats to the business, IBM stated. IBM’s new TDR Services, available now, typically work without requiring agents to gather information from customers’ enterprise environment, such as servers, endpoints and other devices. Combined with information from IBM X-Force’s global network of sensors and intelligence analysis, the services use AI models and tools to filter out client-defined, non-critical problems and false positives to automatically generate high-risk alerts that require immediate action by security teams while offering investigation context, according to IBM. “IBM [managed detection and response (MDR)] is able to detect threats across the entire IT estate, do network-based detections including full packet capture and inspection, as well as detect a wide range of malicious activity, including ransomware and evasive malware. The service also includes attacker behavior analytics,” according to a recent MDR report from KuppingerCole. “IBM MDR is able to execute predefined containment actions automatically, including terminating processes and network sessions, isolating hosts, blocking communications by port and IP, quarantining files, carrying out sinkholing, and preventing registry changes,” KuppingerCole stated. IBM’s MDR services compete in a broad market that includes similar services from Arctic Wolf, eSentire, Fortinet, Proficio, ReliaQuest, and Sophos, according to KuppingerCole. Managed security services are driving an uptick in the broader IT managed services market, according to a recent study done by Canalys and commissioned by Cisco. The study found that while total IT spending is forecast to grow 3.5% globally in 2023, IT managed services revenue is expected to grow 12.7%. Cybersecurity and cyber-resilience services, in particular, are helping drive this increase. “In response to evolving threats, we’ll see growth in networking and endpoint management along with a rise in detection and response. Demand for compliance will also expand due to new regulations,” Canalys wrote. “In a move toward increased specialization, areas of focus include data analytics and AI to optimize processes and systems, making services more predictive and proactive.” The adoption of MDR is typically in response to a security breach, regulatory requirements, mergers and acquisitions, and increased demand by the organization’s board for improved cyber security status reporting, according to KuppingerCole analysts. There are a number of other drivers as well, including the rapidly increasing adoption of cloud services and the need to secure critical data in the cloud; the recognition of ransomware as a major cybersecurity threat; the expansion of IT environments to include mobile, edge, and cloud computing; the adoption of home working/hybrid working post pandemic; and the rapid increase in the amount of data that organizations are producing, the analyst group found. “For many organizations, MDR is the only way they are able to consolidate all of their security threats, tools, and systems into a single point of control to address and resolve all alerts, monitor and respond to all indicators of potential compromise by analyzing all security data, and evaluate the effectiveness of existing controls to identify where and how this can be improved,” KuppingerCole stated. Related content news Alkira expands NaaS platform with ZTNA capabilities Network-as-a-service vendor Alkira looks to extend security down to user policies and posture for a full zero-trust approach. By Sean Michael Kerner Oct 23, 2024 6 mins SaaS Network Security Networking news IBM launches platform to protect data from AI and quantum risks The SaaS-based Guardium Data Security Center provides unified controls for protecting data across distributed environments, including hybrid cloud, AI deployments and quantum computing systems. By Michael Cooney Oct 22, 2024 4 mins Generative AI Hybrid Cloud High-Performance Computing analysis Gartner: Top 10 strategic technology trends for 2025 Agentic AI, post-quantum cryptography, AI governance, and hybrid computing are among the most pressing and potentially disruptive trends that enterprises are facing, Gartner reports. By Michael Cooney Oct 21, 2024 8 mins Generative AI Edge Computing Network Security analysis Has the time come for integrated network and security platforms? Platformization buy-in has been elusive in the past, but AI could be the impetus for enterprises to give new consideration to the idea of a consolidated network and security platform. By Michael Cooney Oct 21, 2024 5 mins SASE Generative AI Network Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe