IBM introduces a GenAI-powered cybersecurity assistant to enhance threat detection and response services for clients.

IBM has unveiled a new generative AI capability for its managed Threat Detection and Response Services, aimed at streamlining security operations. Built on the watsonx data and AI platform, the IBM Consulting Cybersecurity Assistant is designed to help IBM Consulting analysts accelerate the identification, investigation, and response to critical security threats. This new assistant is part of IBM Consulting Advantage, a platform of AI services tailored to deliver consistent, repeatable, and high-quality value for clients.

Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM Consulting, highlighted the challenge security teams face with an increasing number of cyber incidents. By incorporating generative AI, IBM aims to reduce the manual workload for security analysts, enabling them to respond more effectively and proactively to threats. IBM’s Threat Detection and Response (TDR) Services can already automate the escalation or closure of up to 85% of alerts. The new AI capabilities further reduce alert investigation times by 48%, allowing analysts to focus on more complex threats.

The Cybersecurity Assistant enhances threat investigations through historical correlation analysis, cross-referencing alerts, and providing insights from various security data sources. This integrative approach helps security analysts comprehend critical threats better, offering a timeline view of attack sequences and auto-recommending actions based on historical patterns. The assistant’s continuous learning ability ensures improved speed and accuracy over time.

In addition to its analytical capabilities, the Cybersecurity Assistant features a generative AI conversational engine that supports operational tasks in real-time. This engine can respond to requests, trigger actions, run queries, pull logs, explain commands, and enrich threat intelligence, thereby reducing noise and increasing the efficiency of Security Operations Centers (SOCs).

Craig Robinson, Research Vice President for IDC’s Security Services Research Practice, emphasized the importance of IBM’s advancements in managed security services. These innovations provide businesses with deeper insights into critical threats and a system that continually learns from the specific actions taken within their environments, driving faster and more accurate threat investigations.

Developed in collaboration with IBM Research, the Cybersecurity Assistant leverages IBM’s Granite foundation models and the watsonx.ai platform, incorporating the watsonx Assistant for its conversational interface.