Recently, IBM announced the introduction of generative AI capabilities in its Managed Threat Detection and Response service for use by IBM Consulting analysts to collaborate with clients to advance and streamline security operations.
Built on watsonx, IBM's data and AI platform, the new IBM Consulting Cybersecurity Assistant is designed to accelerate and improve the identification, investigation and response to critical security threats.
In addition to being incorporated into IBM Consulting's Threat Detection and Response service, Cybersecurity Assistant will be part of IBM Consulting Advantage, an AI services platform that includes AI assets tailored to IBM Consulting consultants.
Mark Hughes, Global Managing Partner, Cybersecurity Services, IBM Consulting, explains, "As cyber incidents evolve from immediate crises to months-long, multi-dimensional events, security teams are facing a persistent challenge: encountering more attacks and not having enough time or people to defend against them. By augmenting our threat detection and response services with generative AI, we can reduce the manual investigative and operational tasks of security analysts, enabling them to respond to critical threats more proactively and accurately, and help our customers improve their overall security posture."
Specifically, the generative AI features are claimed to help customers reduce alert investigation time by 48%. IT House summarizes the features offered by the new Cybersecurity Assistant as follows:
1. Accelerate threat investigation and remediation through historical correlation analysis
Cybersecurity Assistant accelerates complex threat investigations by enabling historical correlation analysis of similar threats. This new capability, built into IBM's TDR service, cross-correlates alerts and deepens insights gained through SIEM, network, EDR, vulnerability and telemetry to provide a threat management approach.
By analyzing the history of threat activity and its patterns against a specific customer, security analysts will be equipped with more precise analysis capabilities, such as a deeper understanding of key threats by accessing a timeline view of attack sequences, which can provide more contextual information for investigations. Based on historical patterns and preset confidence levels of analyzed results, Cybersecurity Assistant can automatically recommend relevant measures to speed up customer response and reduce attacker dwell time. In addition, it continually learns from investigations and continuously improves speed and accuracy.
2. Simplify operational tasks by utilizing a conversational engine
Cybersecurity Assistant includes a generative AI dialog engine that provides real-time insight and support to clients and IBM security analysts on operational tasks. In addition to responding to requests, such as creating or summarizing problem tickets, the feature automatically triggers related actions, including running queries, extracting logs, interpreting commands or enriching threat intelligence. By interpreting complex security events and commands, IBM's TDR service helps clients reduce noise and improve overall SOC efficiency.
The IBM Consulting Cybersecurity Assistant was developed in collaboration with IBM Research and makes extensive use of IBM's generative AI capabilities. Its key features are built on the Granite base model, optimized for production environments with IBM watsonx.ai, and use the IBM watsonx Assistant intelligent assistant in the conversational chat interface.