GenAI cybersecurity assistant lands from IBM

IBM recently announced the introduction of generative AI capabilities to its managed Threat Detection and Response Services utilized by IBM Consulting analysts to advance and streamline security operations for clients. Built on IBM's watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification, investigation and response to critical security threats.

In addition to being included in IBM Consulting's threat detection and response practice, the Cybersecurity Assistant will be part of IBM Consulting Advantage, the AI services platform with purpose-built AI assets designed to empower IBM consultants to deliver value for clients with consistency, repeatability, quality and speed.

IBM introduces GenAI cybersecurity assistant for threat detection and response Services

"As cyber incidents evolve from immediate crises to multi-dimensional and months-long events, security teams are facing the enduring challenge of too many attacks and not enough time or people to defend against them. By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for client," said Mark Hughes, Global Managing Partner of Cybersecurity Services, IBM Consulting.

IBM's Threat Detection and Response (TDR) Services can automatically escalate or close up to 85% of alerts1; and now, by bringing together existing AI and automation capabilities with the new generative AI technologies, IBM's global security analysts can speed the investigation of the remaining alerts requiring action. Specifically, the new capabilities helped reduce alert investigation times by 48% for one client. The new Cybersecurity Assistant delivers the following:

Accelerate threat investigations and remediation with historical correlation analysis

The Cybersecurity Assistant is designed to help speed up complex threat investigations via historical correlation analysis of similar threats. Built into IBM's TDR Services, the new capability cross-correlates alerts and enhances insights from SIEM, network, EDR, vulnerability and telemetry to provide a holistic and integrative threat management approach.

By analyzing patterns of historical, client-specific threat activity, security analysts will be equipped to be more proactive and precise. To help them better comprehend critical threats, analysts will have access to a timeline view of attack sequences, helping them to better comprehend the issue and provide more context to investigations. The assistant will also auto-recommend actions based on the historical patterns of analyzed activity and pre-set confidence levels, speeding response times for clients and helping to reduce attackers' dwell time. With the ability to continuously learn from investigations, the Cybersecurity Assistant's speed and accuracy is expected to improve over time.

Streamlined operational tasks with an advanced conversational engine

The Cybersecurity Assistant includes a generative AI conversational engine that provides real-time insights and support on operational tasks to both clients and IBM security analysts. In addition to responding to requests such as opening or summarizing tickets, the conversational feature can automatically trigger relevant actions, including running queries, pulling logs, command explanations or enriching threat intelligence. By explaining complex security events and commands, the TDR Service can help reduce noise and boost overall SOC efficiency for clients.

"With IBM's advancements to its managed security services, businesses can gain a new level of insight into critical threats and benefit from technology that continuously learns from actions taken within their specific environment. This helps drive a cycle of increasingly accurate and rapid threat investigations, which is especially crucial today as businesses face a shortage of security resources and surplus in security risks and vulnerabilities," said Craig Robinson, a Research Vice President for IDC's Security Services Research Practice.

Built in collaboration with IBM Research, the new IBM Consulting Cybersecurity Assistant takes advantage of IBM's broader generative AI capabilities - built on the company's Granite foundation models, refined for production within IBM watsonx.ai, and tapping into IBM watsonx Assistant for the conversational chat interface.