IBM on Thursday launched a new managed detection and response service powered by AI.
The tech giant was an early vendor to launch AI-powered security offerings with the announcement of QRadar Suite in April. The vendor's new MDR offering, IBM Threat Detection and Response (TDR) Services, marks the latest effort by a vendor to incorporate AI features into its portfolio.
In a press release for the service, IBM said it uses AI "to continuously assess and auto-recommend the most effective detection rules -- helping to improve alert quality, and speed response times." The vendor claimed that this feature "helped reduce low-value SIEM alerts by 45% and auto escalate 79% more high-value alerts that required immediate attention."
Another capability referenced in the release is Mitre ATT&CK assessments that use AI "to reconcile the multiple detection tools and policies currently in place" and make recommendations.
The aforementioned QRadar Suite, which combines AI-enhanced versions of the vendor's preexisting threat detection and response tools into one product, similarly includes features such as prioritized security alerts and automated investigations.
A spokesperson for IBM told TechTarget Editorial that the AI features in the new offering are not considered generative AI.
Scott McCarthy, global managing partner of product management at IBM Consulting Cybersecurity Services, told TechTarget Editorial via email that while customers won't interface with the AI technologies directly, as the services are delivered by IBM security analysts, "they will realize the outcomes delivered by them."
Customers can engage with TDR Services in one of two ways, McCarthy explained. The first option is to have IBM control their security operations on a 24/7 basis; with the second option, customers can work with IBM on a daily basis. Both options give organizations the ability to communicate and collaborate with IBM security consultants through a co-managed customer portal.
McCarthy added that compared with IBM's current MDR offerings -- which focus on endpoint detection and response as well as network security alerts -- "TDR Services can ingest and analyze security data from any existing technologies or vendors and leverages AI to refine details on these alerts."
Though McCarthy said that some of the underlying technologies are similar to those offered in QRadar Suite, they're being applied differently in TDR Services.
"The AI technologies powering the new TDR Services are unique in that they are continuously learning from IBM threat management client data in real time, providing an additional layer of insight," he said. "Additionally, by leveraging real-time insights via IBM's global network, the new services can automatically crowdsource and recommend the best detection rules to improve the quality of alerts."
IBM TDR Services is now available to all customers.
Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.