IBM has released the next stage of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85 percent of alerts.
The new Threat Detection and Response (TDR) Services provide constant monitoring, investigation and automated remediation of security alerts from all relevant technologies across clients’ hybrid cloud environments. From existing security tools and investments, to the cloud, on-premise and operational technologies (OT), the TDR Services help to accelerate security response times for customers, according to IBM.
The TDR Services are delivered by IBM Consulting’s team of security analysts through IBM’s advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company’s security network.
A set of AI-powered security technologies are utilized within the TDR Services that “support thousands of clients across the world, monitoring billions of potential security events per day”.
The AI models are said to continuously learn from real-world client data, including security analyst responses, engineered to automatically close low-priority and false positive alerts based on a client-defined confidence level. Additionally, this capability automatically escalates high-risk alerts that require immediate action by security teams and provides investigation context.
AI application means the services are designed to reconcile multiple detection tools and policies in place at an organization, resulting in an enterprise view into the best ways of detecting threats and assessing gaps to update within an ATT&CK framework.
Chris McCurdy, general manager, worldwide IBM Consulting Cybersecurity Services, said: “Security teams today are not just outnumbered by attackers, but also by the number of vulnerabilities, alerts and security tools and systems they’re tasked with managing on a day-to-day basis.
“By combining advanced analytics and real-time threat intelligence with human expertise, IBM’s new Threat Detection and Response Services can augment organizations’ security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow’s threats.”