IBM Introduces Gen AI-Powered Cybersecurity Assistant For Threat Detection And Response

IBM has introduced generative artificial intelligence capabilities to its managed threat detection and response services utilised by IBM Consulting analysts to advance and streamline security operations for enterprises.

Built on the watsonx data and AI platform, the new IBM Consulting Cybersecurity Assistant aims to accelerate and improve the identification, investigation and response to critical security threats.

The cybersecurity assistant will be included in IBM Consulting's Threat Detection and Response practice, and will also be part of IBM Consulting Advantage, the AI services platform with purpose-built AI assets, the company said.

According to IBM, its TDR services can automatically escalate or close the majority of alerts. By integrating existing AI and automation capabilities with new generative AI technologies, IBM's security analysts can speed the investigation of the remaining alerts requiring action.

"By enhancing our Threat Detection and Response services with generative AI, we can reduce manual investigations and operational tasks for security analysts, empowering them to respond more proactively and precisely to critical threats, and helping to improve overall security posture for clients," said Mark Hughes, global managing partner of cybersecurity services, IBM Consulting.

The cybersecurity assistant is designed to help speed up threat investigations via historical correlation analysis of similar threats. The capability cross-correlates alerts and offers insights from security information and event management, network, endpoint detection and response, vulnerability and telemetry to provide an integrative threat management approach.

To help them better analyse critical threats, analysts will have access to a timeline view of attack sequences, IBM said. The assistant will also auto-recommend actions based on the historical patterns of analysed activity and pre-set confidence levels.

The assistant includes a generative AI conversational engine that provides real-time insights and support on operational tasks to enterprises and IBM security analysts. In addition to responding to requests such as opening or summarising tickets, the conversational feature can automatically trigger relevant actions, including running queries, pulling logs, command explanations or improving threat intelligence.

Built in collaboration with IBM Research, the cybersecurity assistant leverages IBM's broader generative AI capabilities, built on the company's Granite foundation models, improved for production within IBM watsonx.ai, and tapping into IBM watsonx Assistant for the conversational chat interface.