IBM today added managed threat detection and response services that leverage artificial intelligence (AI) to identify and thwart cyberattacks.
Scott McCarthy, global managing partner for product management for IBM Consulting Cybersecurity Services, said this offering also consolidates multiple existing managed services into a single holistic service.
In addition, crowdsourced detection rules are now being infused with AI to prioritize and reduce the number of alerts generated, he noted. That capability is credited with reducing low-value alerts generated by security information and event management (SIEM) platforms by 45% and automatically escalating 79% more high-value alerts that require immediate attention.
Organizations will be able to see how their environment adheres to the tactics, techniques and procedures defined by the MITRE ATT&CK framework compared to their industry and geographic peers.
Finally, IBM has defined an open application programming interface (API) through which existing cybersecurity platforms can be integrated with the IBM managed service. IBM will also provide organizations the option to deploy the AI models it has developed directly in their on-premises IT environments to address any data governance requirements, noted McCarthy.
In the longer term, IBM is also working toward updating its conversational interface to enable more sophisticated interactions with the cybersecurity AI models the company has been building for more than seven years, he added.
At the core of the IBM service are more than 6,000 IBM cybersecurity professionals deployed in security operations centers (SOCs) around the globe. Today, those SOCs handle more than 150 billion security events per day and more than two million endpoints.
It’s not clear how heavily organizations will rely on managed cybersecurity services, but as the attack surface that needs to be defended expands, it’s becoming difficult for internal cybersecurity and IT operations teams to keep pace with the volume of increasingly sophisticated threats. In fact, cybercriminals are already using AI tools such as FraudGPT to launch attacks. As a result, organizations of all sizes are now caught up in an AI arms race, said McCarthy.
The challenge is that most organizations don’t have access to the telemetry data required to build an AI model that addresses cybersecurity use cases, so there will be an inevitable shift toward relying on service providers that can aggregate enough data to build, maintain and refresh those AI models, he added.
Most organizations will likely co-manage cybersecurity alongside those service providers. There’s no shortage of managed cybersecurity service providers, so organizations will need to evaluate them based on their level of expertise and their ability to master AI.
Regardless of approach, it’s clear a new era of cybersecurity has dawned. Organizations that don’t have access to defensive AI capabilities will be overwhelmed. AI isn’t a silver bullet for cybersecurity, but in its absence, the level of fatigue a cybersecurity team will experience will result in higher turnover rates.