IBM has announced the integration of generative artificial intelligence (AI) capabilities into its managed threat detection and response (TDR) services. The move is intended to advance the ability of IBM Consulting analysts to improve and streamline security operations for clients.
The features of the new model, dubbed IBM Consulting Cybersecurity Assistant, are built on the watsonx data and AI platform. The new tool is set to become a core component of IBM Consulting Advantage, an AI services platform that includes purpose-built AI assets to help IBM consultants deliver consistent, high-quality, and rapid solutions to clients.
“As cyber incidents evolve from immediate crises to multi-dimensional and months-long events, security teams are facing the enduring challenge of too many attacks and not enough time or people to defend against them,” said Mark Hughes, IBM Consulting’s cybersecurity services global managing partner. “By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients.”
IBM claims new model can reduce alert investigation times by 48%
Developed in collaboration with IBM Research, the IBM Consulting Cybersecurity Assistant leverages IBM’s broader generative AI capabilities. It utilises the Granite foundation models refined for production within IBM watsonx.ai and incorporates the watsonx Assistant for its conversational interface. By combining the new generative AI technologies with existing AI and automation capabilities, IBM’s global security analysts are expected to expedite the investigation of the remaining alerts that require human intervention. According to IBM, its TDR Services can automatically escalate or resolve up to 85% of alerts – with Big Blue adding that its new model reduced alert investigation times by 48% for one client.
The Cybersecurity Assistant will speed up complex threat investigations through historical correlation analysis of similar threats. It enhances insights by cross-correlating alerts from various sources, such as SIEM, network, EDR, vulnerability, and telemetry, providing a comprehensive threat management approach. To aid in understanding critical threats, the assistant provides a timeline view of attack sequences, offering more context to investigations. It also auto-recommends actions based on historical patterns and pre-set confidence levels, reducing response times and attackers’ dwell time. IBM added that the assistant’s speed and accuracy are expected to improve continuously as it learns from investigations.
In addition, the Cybersecurity Assistant features a generative AI conversational engine that delivers real-time insights and support for operational tasks. This engine can automatically execute actions such as running queries, pulling logs, and enriching threat intelligence. It helps reduce noise and enhance the overall efficiency of security operations centres (SOCs) for clients by explaining complex security events and commands.
New wave of AI-powered cybersecurity platforms
Earlier this year, big tech companies unveiled their latest advanced threat intelligence tools. In May, Google introduced Google Threat Intelligence, designed to deliver actionable threat insights on a global scale. This tool features Gemini, an AI-powered agent that facilitates conversational search across a vast repository of threat intelligence. Gemini enables customers to gain insights and enhance their protection against threats swiftly.
Prior to that, in April, Microsoft made its Copilot for Security service generally available worldwide. This generative AI solution assists security and IT professionals in identifying threats that may be overlooked, accelerating response times, and enhancing team expertise. Copilot for Security leverages extensive data and threat intelligence, including over 78 trillion security signals processed daily by Microsoft, combined with large language models to provide customised insights and recommend subsequent actions.
These developments are significant in light of recent UK government initiatives aimed at advancing cybersecurity. Last month, the UK Department for Science, Innovation and Technology (DSIT) announced £100m in funding for five new quantum hubs to boost advancements in cybersecurity, healthcare, and transport. Before that, in May 2024, the UK government sought feedback on the ‘AI Cyber Security Code of Practice,’ which will provide guidelines for developers to protect their AI products from breaches and tampering, further supporting cybersecurity advancements.
Furthermore, IBM revealed in its latest annual Cost of a Data Breach Report that the global average cost of a data breach has surged to $4.88m in 2024, marking a 10% increase from the previous year. The rise represented the largest year-on-year increase since the onset of the pandemic.