As the RSA Conference kicks off this week, IBM Security will be approaching the anniversary of two important milestones. This time two years ago, we put our stake in the ground to lead the incident response space with the acquisition of Resilient Systems. At RSA last year, we brought the power of Watson to the cybersecurity industry to augment the skills of analysts in their security investigations.

These investments in response and artificial intelligence (AI) were made with a larger vision in mind: a move toward “automation of response” in cybersecurity. Today at RSA, we’re announcing major technology innovations and enhancements to how we deliver our services that will introduce a new era in which machine intelligence and human expertise are orchestrated seamlessly together across the entire threat life cycle.

The collaboration between man and intelligent machines will affect every industry in profound ways — and we’re leading the early phases of this shift. In security, we see this manifesting itself first in the security operations center (SOC), which is a hotbed of activity, with companies managing over 200,000 security events per day on average, according to an IBM Security estimate, hundreds of which are incidents that require analysts to take action and resolve.

Rewiring Incident Response and Threat Management With Machine Intelligence

Companies have an opportunity, with breakthroughs such as AI for active threat management and intelligent orchestration, to rewire incident response procedures for the age of intelligence. But, currently, organizations must invest substantial resources to manually integrate AI into their detection and response processes, creating a large barrier in the path toward intelligent automation.

Today, we’re announcing a major technology shift that will accelerate this journey and make it more widely available to companies of all sizes with the next-generation IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform with Intelligent Orchestration. The new platform dramatically accelerates and sharpens incident response by seamlessly combining incident case management, orchestration, automation, intelligence and deep two-way partner integrations into a single platform.

Another key component connecting machine and human intelligence will manifest in the new IBM X-Force Threat Management services announced today, which will take advantage of a patented AI engine that automates how IBM Security Services manages active threats for clients. Through the use of a new technology platform customized specifically for this service, IBM security analysts will now be able to orchestrate the full threat management life cycle more efficiently than ever before. Using three different AI engines, the platform compares incidents against 600,000 historical use cases and can help automate certain steps in the threat management process, which would normally require human intervention.

Together, these new technologies and services tackle an emerging issue around how humans and machine intelligence work together in highly complex environments to solve problems. But we can’t do it alone. During my keynote address this Thursday at the RSA Conference, I’ll share more about this necessary evolution in the security space and how the industry needs to come together across vendors and technologies to make this vision a reality and combat the huge skills and data overload challenge facing the industry.

With the combination of AI technologies to detect incidents and understand their full context, the automation of response via intelligent orchestration, and collaboration and integration across the industry, we can create the next-generation SOC — one in which companies have a guided path to respond quickly and analysts can spend more time focusing on complex and priority threats.

Resilient Adds Intelligent Orchestration Capabilities to Incident Response Platform

Over the past nine months, IBM has invested nearly 200,000 hours of research and development to create the new next-generation Resilient Incident Response Platform with Intelligent Orchestration.

A recent report from leading research firm Gartner reveals their Security Operations and Response (SOAR) model as having three types: Security Orchestration and Automation, Security Incident Response Platforms, and Threat Intelligence Platforms.* With this release, IBM Resilient delivers all three pillars of SOAR within a single integrated platform.

Security analysts can orchestrate and automate hundreds of time-consuming, repetitive and complicated response actions that previously required significant human intervention across their SOC tools. The new platform provides analysts with enterprise-grade, two-way integrations out of the box and a new drag-and-drop business process management notation (BPMN) workflow engine. This enables security teams to build more powerful dynamic playbooks that direct analysts through a fast, accurate and expert-level response process and ensures that the right incident information is delivered exactly when they need it.

Core to Intelligent Orchestration’s power is the robust ecosystem of partner integrations, also announced today, featuring partners such as Cisco, McAfee, Splunk, Carbon Black, Symantec and others. Together with these partner technologies, security teams have an open and easy way to share data and actions between technology solutions and security tools.

Read this blog to learn more about the new Resilient Incident Response Platform (IRP).

Embedding Intelligence Into Threat Management

Another innovation that will change the way security analysts and technologies interact is a new patented AI engine, which has been designed to further strengthen how IBM Security Services manages active threats for clients as part of the new X-Force Threat Management Services.

The IBM Threat Management Services have been designed to shift the focus of security analysts from remedial tasks to more impactful work, such as threat hunting, along with the necessary threat insight, prevention, detection and response required to manage risk and actions necessary in today’s cyberthreat environment.

IBM Security Services analysts will be able to orchestrate the full threat management life cycle more efficiently than ever through the use of a new technology platform customized specifically for this service. The new IBM X-Force Protection Platform connects tools from IBM and partners with new machine learning and AI algorithms embedded to guide analysts through the entire threat management process and automates many simple functions that previously required human intervention. Through the use of the new Resilient IRP, the system will also support the orchestration of more complex response activities using IBM and partner tools, all from within the Resilient platform.

These tools will be leveraged by thousands of IBM Security analysts working in state-of-the-art IBM X-Force Command Centers around the world. The Threat Management service can also be complemented by expert consulting services such as X-Force Red Offensive Security Services and X-Force Incident Response & Intelligence Services (IRIS).

To learn more about IBM X-Force Threat Management, read this blog.

*Gartner, “Preparing Your Security Operations for Orchestration and Automation Tools.”, Feb. 2018

More from Artificial Intelligence

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Tackling Today’s Attacks and Preparing for Tomorrow’s Threats: A Leader in 2022 Gartner® Magic Quadrant™ for SIEM

Get the latest on IBM Security QRadar SIEM, recognized as a Leader in the 2022 Gartner Magic Quadrant. As I talk to security leaders across the globe, four main themes teams constantly struggle to keep up with are: The ever-evolving and increasing threat landscape Access to and retaining skilled security analysts Learning and managing increasingly complex IT environments and subsequent security tooling The ability to act on the insights from their security tools including security information and event management software…

4 Ways AI Capabilities Transform Security

Many industries have had to tighten belts in the "new normal". In cybersecurity, artificial intelligence (AI) can help.   Every day of the new normal we learn how the pandemic sped up digital transformation, as reflected in the new opportunities and new risks. For many, organizational complexity and legacy infrastructure and support processes are the leading barriers to the effectiveness of their security.   Adding to the dynamics, short-handed teams are overwhelmed with too much data from disparate sources and…

What’s New in the 2022 Cost of a Data Breach Report

The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020. New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when…