IBM Introduces Generative AI in Managed Threat Detection and Response Services

TapTechNews, August 13th: IBM recently announced the introduction of generative AI capabilities in its managed threat detection and response services, for use by analysts at IBM Consulting to collaboratively advance and simplify security operations.

The brand-new IBM Consulting Cybersecurity Assistant is built on IBM's data and AI platform watsonx and aims to accelerate and improve the identification, investigation, and response to critical security threats.

In addition to being incorporated into IBM Consulting's threat detection and response services, the Cybersecurity Assistant will also be part of IBM Consulting Advantage, an AI service platform that includes AI assets tailored for IBM consultants.

Mark Hughes, the global managing partner of IBM Consulting's cybersecurity services, said, "As cyber incidents evolve from immediate crises to multi-dimensional events lasting for months, security teams are facing persistent challenges: more attacks and not enough time or personnel to defend. By enhancing threat detection and response services with Generative AI, we can reduce the manual investigation and operational tasks of security analysts, enabling them to respond to critical threats more proactively and accurately and helping clients improve the overall security posture."

Specifically, the generative AI capabilities are claimed to have helped customers reduce alert investigation time by 48%. TapTechNews summarizes the functions provided by the brand-new Cybersecurity Assistant as follows:

1. Accelerate threat investigation and remediation through historical correlation analysis

The Cybersecurity Assistant can run historical correlation analysis on similar threats to speed up complex threat investigations. This new function is built into IBM's threat detection and response (TDR) services and can cross-correlate alerts and deepen the insights obtained from SIEM, network, EDR, vulnerability, and telemetry data to provide threat management approaches.

By analyzing the historical patterns of threat activity for specific clients, security analysts gain more accurate analysis capabilities, for example by accessing a timeline view of the attack sequence to understand key threats more deeply, which provides more context for the investigation. Based on the historical patterns and the preset confidence levels of the analysis results, the Cybersecurity Assistant can automatically recommend relevant measures to speed up client response and reduce attacker dwell time. It also learns continuously from investigations, improving its speed and accuracy.

2. Simplify operational tasks using the conversational engine

The Cybersecurity Assistant includes a generative AI conversation engine that provides real-time insights and support to clients and IBM security analysts for operational tasks. In addition to responding to requests (such as creating or summarizing trouble tickets), this function automatically triggers relevant operations, including running queries, extracting logs, interpreting commands, or enriching threat intelligence. By interpreting complex security events and commands, IBM's TDR services can help clients reduce noise and improve overall SOC efficiency.

The IBM Consulting Cybersecurity Assistant was developed in collaboration with IBM Research and makes extensive use of IBM's generative AI capabilities. Its main functions are built on the Granite base model, optimized for the production environment with the help of IBM watsonx.ai, and use the IBM watsonx Assistant intelligent assistant for the conversational chat interface.
