The new advancements built on watsonx empower IBM Consulting security analysts to help clients accelerate alert investigation.
IBM announced the introduction of genAI capabilities to its managed Threat Detection and Response Services utilised by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM’s watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification, investigation and response to critical security threats.
In addition to being included in IBM Consulting’s threat detection and response practice, the Cybersecurity Assistant will be part of IBM Consulting Advantage,the AI services platform with purpose-built AI assets designed to empower IBM consultants to deliver value for clients with consistency, repeatability, quality and speed.
“As cyber incidents evolve from immediate crises to multi-dimensional and months-long events, security teams are facing the enduring challenge of too many attacks and not enough time or people to defend against them,” said Mark Hughes, Global Managing Partner of Cybersecurity Services, IBM Consulting. “By enhancing our Threat Detection and Response services with genAI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients.”
IBM’s Threat Detection and Response (TDR) Services can automatically escalate or close up to 85% of alerts; and now, by bringing together existing AI and automation capabilities with the new genAI technologies, IBM’s global security analysts can speed the investigation of the remaining alerts requiring action. Specifically, the new capabilities helped reduce alert investigation times by 48% for one client. The new Cybersecurity Assistant delivers the following:
Accelerate threat investigations and remediation with historical correlation analysis
The Cybersecurity Assistant is designed to help speed up complex threat investigations via historical correlation analysis of similar threats. Built into IBM’s TDR Services, the new capability cross-correlates alerts and enhances insights from SIEM, network, EDR, vulnerability and telemetry to provide a holistic and integrative threat management approach.
Streamlined operational tasks with an advanced conversational engine
The Cybersecurity Assistant includes a genAI conversational engine that provides real-time insights and support on operational tasks to both clients and IBM security analysts. In addition to responding to requests such as opening or summarising tickets, the conversational feature can automatically trigger relevant actions, including running queries, pulling logs, command explanations or enriching threat intelligence. By explaining complex security events and commands, the TDR Service can help reduce noise and boost overall SOC efficiency for clients.
Built in collaboration with IBM Research, the new IBM Consulting Cybersecurity Assistant takes advantage of IBM’s broader genAI capabilities – built on the company’s Granite foundation models, refined for production within IBM watsonx.ai, and tapping into IBM watsonx Assistant for the conversational chat interface.