Light Dark
April 16, 2018 By Marc van Zadelhoff 4 min read
Artificial Intelligence
CISO
Incident Response

As the RSA Conference kicks off this week, IBM Security will be approaching the anniversary of two important milestones. This time two years ago, we put our stake in the ground to lead the incident response space with the acquisition of Resilient Systems. At RSA last year, we brought the power of Watson to the cybersecurity industry to augment the skills of analysts in their security investigations.

These investments in response and artificial intelligence (AI) were made with a larger vision in mind: a move toward “automation of response” in cybersecurity. Today at RSA, we’re announcing major technology innovations and enhancements to how we deliver our services that will introduce a new era in which machine intelligence and human expertise are orchestrated seamlessly together across the entire threat life cycle.

The collaboration between man and intelligent machines will affect every industry in profound ways — and we’re leading the early phases of this shift. In security, we see this manifesting itself first in the security operations center (SOC), which is a hotbed of activity, with companies managing over 200,000 security events per day on average, according to an IBM Security estimate, hundreds of which are incidents that require analysts to take action and resolve.

Rewiring Incident Response and Threat Management With Machine Intelligence

Companies have an opportunity, with breakthroughs such as AI for active threat management and intelligent orchestration, to rewire incident response procedures for the age of intelligence. But, currently, organizations must invest substantial resources to manually integrate AI into their detection and response processes, creating a large barrier in the path toward intelligent automation.

Today, we’re announcing a major technology shift that will accelerate this journey and make it more widely available to companies of all sizes with the next-generation IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform with Intelligent Orchestration. The new platform dramatically accelerates and sharpens incident response by seamlessly combining incident case management, orchestration, automation, intelligence and deep two-way partner integrations into a single platform.

Another key component connecting machine and human intelligence will manifest in the new IBM X-Force Threat Management services announced today, which will take advantage of a patented AI engine that automates how IBM Security Services manages active threats for clients. Through the use of a new technology platform customized specifically for this service, IBM security analysts will now be able to orchestrate the full threat management life cycle more efficiently than ever before. Using three different AI engines, the platform compares incidents against 600,000 historical use cases and can help automate certain steps in the threat management process, which would normally require human intervention.

Together, these new technologies and services tackle an emerging issue around how humans and machine intelligence work together in highly complex environments to solve problems. But we can’t do it alone. During my keynote address this Thursday at the RSA Conference, I’ll share more about this necessary evolution in the security space and how the industry needs to come together across vendors and technologies to make this vision a reality and combat the huge skills and data overload challenge facing the industry.

With the combination of AI technologies to detect incidents and understand their full context, the automation of response via intelligent orchestration, and collaboration and integration across the industry, we can create the next-generation SOC — one in which companies have a guided path to respond quickly and analysts can spend more time focusing on complex and priority threats.

Resilient Adds Intelligent Orchestration Capabilities to Incident Response Platform

Over the past nine months, IBM has invested nearly 200,000 hours of research and development to create the new next-generation Resilient Incident Response Platform with Intelligent Orchestration.

A recent report from leading research firm Gartner reveals their Security Operations and Response (SOAR) model as having three types: Security Orchestration and Automation, Security Incident Response Platforms, and Threat Intelligence Platforms.* With this release, IBM Resilient delivers all three pillars of SOAR within a single integrated platform.

Security analysts can orchestrate and automate hundreds of time-consuming, repetitive and complicated response actions that previously required significant human intervention across their SOC tools. The new platform provides analysts with enterprise-grade, two-way integrations out of the box and a new drag-and-drop business process management notation (BPMN) workflow engine. This enables security teams to build more powerful dynamic playbooks that direct analysts through a fast, accurate and expert-level response process and ensures that the right incident information is delivered exactly when they need it.

Core to Intelligent Orchestration’s power is the robust ecosystem of partner integrations, also announced today, featuring partners such as Cisco, McAfee, Splunk, Carbon Black, Symantec and others. Together with these partner technologies, security teams have an open and easy way to share data and actions between technology solutions and security tools.

Read this blog to learn more about the new Resilient Incident Response Platform (IRP).

Embedding Intelligence Into Threat Management

Another innovation that will change the way security analysts and technologies interact is a new patented AI engine, which has been designed to further strengthen how IBM Security Services manages active threats for clients as part of the new X-Force Threat Management Services.

The IBM Threat Management Services have been designed to shift the focus of security analysts from remedial tasks to more impactful work, such as threat hunting, along with the necessary threat insight, prevention, detection and response required to manage risk and actions necessary in today’s cyberthreat environment.

IBM Security Services analysts will be able to orchestrate the full threat management life cycle more efficiently than ever through the use of a new technology platform customized specifically for this service. The new IBM X-Force Protection Platform connects tools from IBM and partners with new machine learning and AI algorithms embedded to guide analysts through the entire threat management process and automates many simple functions that previously required human intervention. Through the use of the new Resilient IRP, the system will also support the orchestration of more complex response activities using IBM and partner tools, all from within the Resilient platform.

These tools will be leveraged by thousands of IBM Security analysts working in state-of-the-art IBM X-Force Command Centers around the world. The Threat Management service can also be complemented by expert consulting services such as X-Force Red Offensive Security Services and X-Force Incident Response & Intelligence Services (IRIS).

To learn more about IBM X-Force Threat Management, read this blog.

*Gartner, “Preparing Your Security Operations for Orchestration and Automation Tools.”, Feb. 2018

 |  |  |  |  |  |  |  |  |  |  |  | 
Marc van Zadelhoff
General Manager, IBM Security

More from Artificial Intelligence
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 12, 2024

Security roundup: Top AI stories in 2024

3 min read - 2024 has been a banner year for artificial intelligence (AI). As enterprises ramp up adoption, however, malicious actors have been exploring new ways to compromise systems with intelligent attacks.With the AI landscape rapidly evolving, it's worth looking back before moving forward. Here are our top five AI security stories for 2024.Can you hear me now? Hackers hijack audio with AIAttackers can fake entire conversations using large language models (LLMs), voice cloning and speech-to-text software. This method is relatively easy to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature