IBM has revealed new technology and services that improve the way security teams use human and machine intelligence to fight, defend against and respond to cyber-attacks.
The new technology includes the Resilient Incident Response Platform (IRP), which, combined with Intelligent Orchestration, can help significantly accelerate incident response time.
IBM’s platform brings the three key components that, according to Gartner, are required for a Security Operations and Response model into a single integrated platform. These are Security Orchestration and Automation, Security Incident Response Platforms and Threat Intelligence Platforms.
Delivering these capabilities through a unified platform gives teams an open platform to work on, with a new ‘drag and drop’ workflow engine that allows workers to move and re-use integrations as security environments or plans change.
Organisations will benefit from the capabilities by improving the speed and agility of the response process, in addition to achieving rapid time to value from their security investments.
The power behind IBM’s Intelligent Orchestration is the ecosystem of partner integrations, such as Cisco and McAfee, which enables security teams to have an open and easy portal to share data and actions between solutions and security tools.
Activities across partner technologies, such as monitoring and escalation, identification and enrichment, communication and coordination, or containment, response, and recovery, are automatically initiated using the platform, making for seamless execution.
Delivered via the IBM Security App Exchange, these integrations are enterprise-grade applications that can be easily added to any workflow.
Automation & Integration
Another key capability for connecting machine and human intelligence is the new IBM X-Force Threat Management services, which use an AI engine to automate how IBM Security Services manages active threats for clients.
The platform joins together tools from IBM and various partners with embedded machine learning and AI algorithms, which aim to guide analysts through the threat management process and automate simple functions.
Integrating AI and machine learning into the platform removes the need for human intervention and instead automates certain steps in threat management, using three AI engines to compare incidents against 600,000 past use cases.
The additional level of analysis added to IBM’s platform allows the system to automatically initiate specific protective actions, such as dismissing false-positive or duplicate alerts or escalating the incident for further investigation by a higher-level security analyst.
Using the new Resilient IRP, IBM’s system will also support the composition of more complex response activities from the platform and give customers a powerful tool to prioritize attacks, accurately identify the critical incidents, and automate tasks more efficiently.
“The collaboration between humans and intelligent machines is going to affect every industry,” said Marc van Zadelhoff, General Manager, IBM Security.
“In security, we see this manifesting itself first in the security operations center where the data only keeps growing. Companies have an opportunity with breakthroughs like AI for active threat management and Intelligent Orchestration to rewire incident response procedures for the age of intelligence.”
IBM also recently announced new ‘Skinny’ Mainframes, to accelerate the processing of encrypted transactions on a single system.