As the RSA Conference kicks off this week, IBM Security will be approaching the anniversary of two important milestones. This time two years ago, we put our stake in the ground to lead the incident response space with the acquisition of Resilient Systems. At RSA last year, we brought the power of Watson to the cybersecurity industry to augment the skills of analysts in their security investigations.
These investments in response and artificial intelligence (AI) were made with a larger vision in mind: a move toward “automation of response” in cybersecurity. Today at RSA, we’re announcing major technology innovations and enhancements to how we deliver our services that will introduce a new era in which machine intelligence and human expertise are orchestrated seamlessly together across the entire threat life cycle.
The collaboration between man and intelligent machines will affect every industry in profound ways — and we’re leading the early phases of this shift. In security, we see this manifesting itself first in the security operations center (SOC), which is a hotbed of activity, with companies managing over 200,000 security events per day on average, according to an IBM Security estimate, hundreds of which are incidents that require analysts to take action and resolve.
Rewiring Incident Response and Threat Management With Machine Intelligence
Companies have an opportunity, with breakthroughs such as AI for active threat management and intelligent orchestration, to rewire incident response procedures for the age of intelligence. But, currently, organizations must invest substantial resources to manually integrate AI into their detection and response processes, creating a large barrier in the path toward intelligent automation.
Today, we’re announcing a major technology shift that will accelerate this journey and make it more widely available to companies of all sizes with the next-generation IBM Resilient Security Orchestration, Automation, and Response (SOAR) Platform with Intelligent Orchestration. The new platform dramatically accelerates and sharpens incident response by seamlessly combining incident case management, orchestration, automation, intelligence and deep two-way partner integrations into a single platform.
Another key component connecting machine and human intelligence will manifest in the new IBM X-Force Threat Management services announced today, which will take advantage of a patented AI engine that automates how IBM Security Services manages active threats for clients. Through the use of a new technology platform customized specifically for this service, IBM security analysts will now be able to orchestrate the full threat management life cycle more efficiently than ever before. Using three different AI engines, the platform compares incidents against 600,000 historical use cases and can help automate certain steps in the threat management process, which would normally require human intervention.
Together, these new technologies and services tackle an emerging issue around how humans and machine intelligence work together in highly complex environments to solve problems. But we can’t do it alone. During my keynote address this Thursday at the RSA Conference, I’ll share more about this necessary evolution in the security space and how the industry needs to come together across vendors and technologies to make this vision a reality and combat the huge skills and data overload challenge facing the industry.
With the combination of AI technologies to detect incidents and understand their full context, the automation of response via intelligent orchestration, and collaboration and integration across the industry, we can create the next-generation SOC — one in which companies have a guided path to respond quickly and analysts can spend more time focusing on complex and priority threats.
Resilient Adds Intelligent Orchestration Capabilities to Incident Response Platform
Over the past nine months, IBM has invested nearly 200,000 hours of research and development to create the new next-generation Resilient Incident Response Platform with Intelligent Orchestration.
A recent report from leading research firm Gartner reveals their Security Operations and Response (SOAR) model as having three types: Security Orchestration and Automation, Security Incident Response Platforms, and Threat Intelligence Platforms.* With this release, IBM Resilient delivers all three pillars of SOAR within a single integrated platform.
Security analysts can orchestrate and automate hundreds of time-consuming, repetitive and complicated response actions that previously required significant human intervention across their SOC tools. The new platform provides analysts with enterprise-grade, two-way integrations out of the box and a new drag-and-drop business process management notation (BPMN) workflow engine. This enables security teams to build more powerful dynamic playbooks that direct analysts through a fast, accurate and expert-level response process and ensures that the right incident information is delivered exactly when they need it.
Core to Intelligent Orchestration’s power is the robust ecosystem of partner integrations, also announced today, featuring partners such as Cisco, McAfee, Splunk, Carbon Black, Symantec and others. Together with these partner technologies, security teams have an open and easy way to share data and actions between technology solutions and security tools.
Read this blog to learn more about the new Resilient Incident Response Platform (IRP).
Embedding Intelligence Into Threat Management
Another innovation that will change the way security analysts and technologies interact is a new patented AI engine, which has been designed to further strengthen how IBM Security Services manages active threats for clients as part of the new X-Force Threat Management Services.
The IBM Threat Management Services have been designed to shift the focus of security analysts from remedial tasks to more impactful work, such as threat hunting, along with the necessary threat insight, prevention, detection and response required to manage risk and actions necessary in today’s cyberthreat environment.
IBM Security Services analysts will be able to orchestrate the full threat management life cycle more efficiently than ever through the use of a new technology platform customized specifically for this service. The new IBM X-Force Protection Platform connects tools from IBM and partners with new machine learning and AI algorithms embedded to guide analysts through the entire threat management process and automates many simple functions that previously required human intervention. Through the use of the new Resilient IRP, the system will also support the orchestration of more complex response activities using IBM and partner tools, all from within the Resilient platform.
These tools will be leveraged by thousands of IBM Security analysts working in state-of-the-art IBM X-Force Command Centers around the world. The Threat Management service can also be complemented by expert consulting services such as X-Force Red Offensive Security Services and X-Force Incident Response & Intelligence Services (IRIS).
To learn more about IBM X-Force Threat Management, read this blog.
*Gartner, “Preparing Your Security Operations for Orchestration and Automation Tools.”, Feb. 2018