IBM has recently launched a new managed detection and response (MDR) service that is powered by artificial intelligence (AI). This move follows the tech giant’s earlier introduction of AI-powered security offerings with the QRadar Suite in April. IBM’s latest offering, called IBM Threat Detection and Response (TDR) Services, is part of the company’s ongoing efforts to enhance its portfolio with AI-driven features.
According to a press release issued by IBM, the TDR Services leverage AI to continuously assess and auto-recommend the most effective detection rules. This helps to improve the quality of alerts and speed up response times. IBM claims that this AI-powered feature has reduced low-value Security Information and Event Management (SIEM) alerts by 45% and has auto-escalated 79% more high-value alerts that required immediate attention.
Another notable capability of the TDR Services is its use of AI to conduct Mitre ATT&CK assessments. Through this technology, the services can reconcile the multiple detection tools and policies currently in place and provide recommendations accordingly.
IBM’s QRadar Suite, which combines AI-enhanced versions of the company’s existing threat detection and response tools, also offers features such as prioritized security alerts and automated investigations.
However, it is important to note that the AI features in IBM’s new offering are not considered generative AI, according to a spokesperson for the company. Customers will not directly interact with the AI technologies, as the services are delivered by IBM security analysts. Nonetheless, they will benefit from the outcomes delivered by these analysts.
There are two options for customers to engage with the TDR Services. The first option allows IBM to take full control of their security operations on a 24/7 basis, while the second option involves working with IBM on a daily basis. In both cases, organizations are provided with a co-managed customer portal, which enables communication and collaboration with IBM security consultants.
Compared to IBM’s current MDR offerings, which focus on endpoint detection and response, as well as network security alerts, the TDR Services have the ability to ingest and analyze security data from any existing technologies or vendors. This is made possible through the use of AI to refine details on these alerts.
Scott McCarthy, global managing partner of product management at IBM Consulting Cybersecurity Services, explained that while some of the underlying technologies in TDR Services may be similar to those offered in QRadar Suite, they are applied differently. The AI technologies used in TDR Services continuously learn from IBM threat management client data in real-time, providing an additional layer of insight. Additionally, by leveraging real-time insights from IBM’s global network, the services can automatically crowdsource and recommend the best detection rules to improve the quality of alerts.
IBM TDR Services are now available to all customers who wish to enhance their security operations with AI-powered detection and response capabilities.