IBM boosts detection and response services with AI tech


Key Takeaways

IBM has launched enhanced managed detection and response services using AI technologies to automate the escalation and closure of up to 85% of security alerts.

The new Threat Detection and Response (TDR) Services continuously monitor and remediate security alerts across hybrid cloud environments, leveraging advanced security analytics and contextual threat intelligence.

The AI models within TDR Services learn from real-world data to improve threat detection and response, enabling organizations to efficiently manage vulnerabilities and security alerts while enhancing overall security posture.

IBM has released the next stage of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85 percent of alerts.

The new Threat Detection and Response (TDR) Services provide constant monitoring, investigation and automated remediation of security alerts from all relevant technologies across clients’ hybrid cloud environments. From existing security tools and investments to the cloud, on-premises and operational technologies (OT), the TDR Services help to accelerate security response times for customers, according to IBM.

The TDR Services are delivered by IBM Consulting’s team of security analysts through IBM’s advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company’s security network.

The TDR Services use a set of AI-powered security technologies that “support thousands of clients across the world, monitoring billions of potential security events per day”.

The AI models are said to learn continuously from real-world client data, including security analyst responses, and are engineered to automatically close low-priority and false-positive alerts based on a client-defined confidence level. The same capability automatically escalates high-risk alerts that require immediate action by security teams and provides investigation context.

Applying AI also means the services are designed to reconcile the multiple detection tools and policies an organization has in place, resulting in an enterprise view of the best ways to detect threats and of the gaps to assess and update within an ATT&CK framework.

Chris McCurdy, general manager, worldwide IBM Consulting Cybersecurity Services, said: “Security teams today are not just outnumbered by attackers, but also by the number of vulnerabilities, alerts and security tools and systems they’re tasked with managing on a day-to-day basis.

“By combining advanced analytics and real-time threat intelligence with human expertise, IBM’s new Threat Detection and Response Services can augment organizations’ security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow’s threats.”