IBM's New AI Technology Could Escalate High-Risk Alerts



While AI technologies have gained much traction in the last few years, their use cases have also led to severe cyber threats. Companies are on high alert, and rightly so. However, IBM's new AI technology for high-risk alert escalation and response would give them a sense of calm. The new solution includes IBM's AI strategies to autonomously escalate or close up to 85 percent of alerts, helping clients shorten security response timeframes. The Opsgenie escalation service provides 24x7 monitoring, investigation, and automated remediation of security alerts from all relevant technologies across the client's hybrid cloud environments, including existing security tools and investments, as well as cloud, on-premises, and operational technologies (OT).

IBM’s AI-Driven Technologies 

The AI-driven technologies are delivered by IBM Consulting's global team of security analysts via IBM's advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company's vast global security network, helping to automate away noise while quickly escalating critical threats.

Chris McCurdy, General Manager, Worldwide IBM Consulting Cybersecurity Services, says, “Today's security teams are overwhelmed not only by attackers, but also by the number of vulnerabilities, warnings, and security tools and systems they must manage on a daily basis. IBM's new Threat Detection and Response Services, which combine advanced analytics and real-time threat information with human knowledge, can complement organizations' security defenses with a capability that is scalable, constantly developing, and robust enough for tomorrow's threats.”

Intelligently Adapting to Threat Defenses

The new TDR Services are supported by a suite of AI-powered security solutions that serve thousands of clients worldwide, monitoring billions of potential security events per day. The suite employs AI models that continually learn from real-world client data, including security analyst comments, to close low-priority and false-positive alerts based on a client-defined confidence level. It also automatically escalates high-risk alerts that require rapid action by security teams and provides investigation context.

IBM's TDR Services are designed to provide:

Crowd-Sourced Detection Rules, Optimized Alerts

The new services leverage AI to continuously review and auto-recommend the most effective detection criteria, helping to enhance alert quality and accelerate response times by leveraging real-time data from IBM's threat management engagements. This capability reduced low-value SIEM warnings by 45 percent while auto-escalating 79 percent more high-value alerts that demanded quick action. Through its co-managed interface, organizations may accept and alter detection rules with just two clicks.

MITRE ATT&CK Assessment

To support preparedness for ransomware and wiper attacks, organizations will be able to examine how their environment compares to their industry and geography counterparts in terms of MITRE ATT&CK framework tactics, techniques, and procedures. The new services use AI to reconcile an organization's different detection tools and rules, offering an enterprise view of how to best detect threats and assess gaps to address within the ATT&CK framework.

Seamless End-to-End Integration

The new services can be integrated with a client's enterprise-wide security assets, whether on premises or in the cloud, thanks to the open API approach. Businesses may access their ecosystem while also connecting, collaborating, and defining their own response playbooks via a co-managed portal. It gives a consolidated corporate perspective and accurate remediation capabilities, and consistently enforces IT and OT security regulations.

24x7 Global Support

Organizations will have access to more than 6,000 IBM Cybersecurity Services personnel across the world, 24 hours a day, seven days a week, to help supplement their security program. The global network of IBM Consulting Cybersecurity Services serves over 3,000 clients worldwide, managing over 2 million endpoints and 150 billion security events every day.

Craig Robinson, IDC Research VP of Security Services, says, “At the moment, security leaders are attempting to break free from the vicious loop of employee shortages, escalating threats, and rising C-Suite demands to mature their cyber program without breaking the purse. Many organizations cannot afford to write off earlier SOC expenditures; thus, the old model of swapping out their tools for a vendor's chosen platform no longer works.”

He adds, “A service like IBM's Threat Detection and Response offering can give an off-ramp to these concerns without needing a complete rip-and-replace of their earlier security investments, as well as assist in shifting their human resources in the SOC to a more proactive posture.”

IBM's TDR Services, which are now available, include access to IBM's X-Force Incident Response Services as well as the option to include additional proactive security services from IBM X-Force, such as penetration testing, adversary simulation, or vulnerability management, to aid in the smooth improvement of security operations capabilities. Based on the current threat landscape, clients' developing IT environments, and insights gathered through interactions with thousands of IBM Cybersecurity Services clients across the world, X-Force will also provide assistance to help clients enhance their security operations over time.

Cyberattacks Start through Phishing

In fact, IBM found in 2021 that phishing had become the most common threat vector, accounting for about 40 percent of all attacks. An attempt was three times more likely to succeed when the scammers included a related phone call (vishing, or voice phishing). Similarly, ransomware attacks have emerged as a major cyber threat, accounting for 21 percent of all intrusions.

Even more traditional industries are experiencing a surge in cyber threats, especially as these companies investigate how digital transformation might provide a clear competitive edge. According to an IBM study, manufacturing overtook financial services as the most attacked industry in 2021, accounting for 23.2 percent of all attacks that year.

Hence, as AI and hybrid cloud become more commonplace on the production floor and analytics-driven decision-making dictates real-time shifts to workflows, hackers and other illicit actors are finding new target-rich environments.

IBM has reviewed and identified areas where visibility inside DDI's established procedures could be improved. The client's security personnel then collaborated with an onsite IBM Security X-Force consulting team to conduct a more thorough maturity audit of the group's global network. Armed with this knowledge, the combined team developed suggestions to strengthen security systems and promote global governance that adheres to industry-accepted best practices.
