IBM this week announced it would add watsonx generative artificial intelligence (AI) capabilities to its security information and event management (SIEM) platform early next year, along with predictive AI tools to enable cybersecurity teams to better identify similar incidents and automatically update affected systems and patch vulnerable code.
At the same time, IBM is also leveraging Kubernetes infrastructure to make it easier to deploy the IBM QRadar SIEM anywhere using the Red Hat OpenShift platform, an instance of Kubernetes that its subsidiary maintains. Initially, this cloud-native edition of QRadar will be available as a software-as-a-service (SaaS) offering this year, followed by an edition that an internal cybersecurity team can deploy either in the cloud or an on-premises IT environment.
Chris Meenan, vice president of product management for IBM Security, said a cloud-native edition of the platform will enable infrastructure resources to be consumed more cost-effectively as the amount of data that cybersecurity teams need to analyze continues to increase steadily. The cloud-native capabilities of the platform will enable it to make wider use of a federated data model to uncover threats across a hybrid IT environment, he added.
Forthcoming AI capabilities will also reduce the overall cognitive load on cybersecurity teams that are already stretched thin. The additional generative AI capabilities will, for example, make it simpler to create summaries of incidents, events and threat intelligence that can be easily shared, and to generate searches that detect threats using natural language descriptions of attack behavior and patterns.
IBM is training the AI models it employs on alerts it collects from clients to optimize recommendations that can then be automatically applied when cybersecurity teams are ready, said Meenan.
Alert prioritization capabilities will also leverage AI to automatically de-prioritize low-priority alerts while automatically grouping and escalating high-priority alerts to provide more context, he noted.
It’s now more a question of when and to what degree AI will transform cybersecurity. It’s not likely AI will replace the need for cybersecurity professionals any time soon, but much of the toil that limits productivity and effectiveness today will be sharply reduced. In addition, the overall level of expertise required to be effective should become lower, thereby opening cybersecurity to a wider range of potential job candidates.
Of course, cybercriminals are also embracing AI to improve their productivity and, in the short term, they may benefit more from it than cybersecurity teams that will need to upgrade platforms. In the longer term, however, AI should help level a playing field that today decidedly favors cybercriminals.
Naturally, IBM is not the only provider of a cybersecurity platform embracing AI, but the company has invested in a wide range of AI technologies for years. The challenge will be convincing business and IT leaders to make additional investments in cybersecurity in the face of ongoing economic headwinds.
In the meantime, cybersecurity professionals should start determining what routine processes they perform today that could be better handled by machines.