IBM has launched new generative AI capabilities within its managed Threat Detection and Response Services to enhance and streamline client security operations. Built on the IBM watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant aims to accelerate and enhance the identification, investigation, and response to critical security threats.
"As cyber incidents evolve from immediate crises to multi-dimensional and months-long events, security teams are facing the enduring challenge of too many attacks and not enough time or people to defend against them. By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients," said Mark Hughes, Global Managing Partner of Cybersecurity Services, IBM Consulting.
The Cybersecurity Assistant will be integrated into IBM's threat detection and response practice as well as the IBM Consulting Advantage platform. This platform, equipped with purpose-built AI assets, will enable IBM consultants to consistently deliver high-value solutions with speed and quality.
Accelerated threat investigations
The assistant aims to expedite complex threat investigations through historical correlation analysis of similar threats. Integrated into IBM's TDR Services, this feature cross-references alerts and enhances insights from SIEM, network, EDR, vulnerability, and telemetry sources, providing a comprehensive threat management approach.
By analyzing patterns of historical, client-specific threat activity, security analysts can adopt a more proactive and precise approach. The assistant offers a timeline view of attack sequences, providing context and clarity to investigations. It also auto-recommends actions based on historical activity patterns and pre-set confidence levels, thus speeding response times and reducing attackers' dwell time. As it continuously learns from ongoing investigations, the Cybersecurity Assistant's speed and accuracy are expected to improve.
Streamlined operational tasks
The Cybersecurity Assistant includes a generative AI conversational engine that provides real-time insights and support on operational tasks to both clients and IBM security analysts. It can respond to requests such as opening or summarizing tickets, running queries, pulling logs, explaining commands, and enriching threat intelligence. By clarifying complex security events and commands, the TDR Service helps reduce noise and increase the efficiency of Security Operations Centers (SOCs) for clients.
Developed in collaboration with IBM Research, the new IBM Consulting Cybersecurity Assistant leverages IBM's extensive generative AI capabilities. Built on the company's Granite foundation models and refined for production within IBM watsonx.ai, the assistant also leverages IBM watsonx Assistant for its conversational interface.