IBM unveils cloud-native SIEM built to maximise security teams’ time and talent 

IBM

IBM have announced a major evolution of its flagship QRadar SIEM technology: designed on a new cloud-native architecture, built specifically for hybrid cloud scale, speed and flexibility.

IBM also unveiled plans for delivering generative AI capabilities within its threat detection and response portfolio – leveraging watsonx, the company’s enterprise-ready data and AI platform.

Today’s hybrid cloud environments are evolving and scaling at an exponential rate, creating a larger and more complex attack surface to protect.

This growing IT footprint makes it harder to quickly find the true threats amongst the noise – slowed down by siloed technologies, manual searches and an overload of alerts, without clear context or visualisations. In fact, SOC professionals get to less than half (49%) of the alerts that they’re supposed to review within a typical workday, according to a recent global survey.

“Our new cloud native SIEM is a core element of IBM’s mission to usher in the next generation of security operations, built for the hybrid cloud and AI era,” said Kevin Skapinetz, Vice President, Strategy and Product Management, IBM Security. “Instead of forcing analysts to work around the complexity of security technologies, we’re designing technology to remove the complexity – weeding out the noise, simplifying the user experience, and empowering analysts to tackle urgent threats with greater speed and confidence.”

The new IBM QRadar Cloud-Native SIEM builds on QRadar’s 13 years of market leadership and analyst recognition for deep security analytics – with a redesigned architecture for highly efficient data ingestion, rapid search and analytics at scale.

Built on an open foundation, it is the newest addition to QRadar Suite, IBM’s integrated portfolio of threat detection and response software. QRadar is designed to augment and up-level security analysts daily work – tapping AI to manage time-consuming and repetitive tasks while empowering them to find and respond to high priority threats more effectively.

Cloud-Native SIEM will initially be delivered as SaaS in Q4 2023, with plans to deliver software for on-premises and multi-cloud deployment in 2024.

Open at its Core: Built on Red Hat OpenShift, QRadar SIEM is designed to be open at a foundational level – allowing for deeper interoperability with multi-vendor tools and clouds. It leverages open source and open standards for core functions including detection rules and search language, allowing it to easily work across companies’ broader security and technology stacks.

  • Leverages common, shared language for detection rules (SIGMA) – allowing clients to quickly import new, crowdsourced detections directly from the security community as threats evolve.
  • Offers unique federated search and threat hunting capabilities built on open-source technologies, allowing analysts to proactively search for and investigate threats across all cloud and on-premise data sources in a single, unified way – without moving data from its original source.
  • Builds on the QRadar ecosystem, one of the largest partner networks in the industry with more than 700 pre-built integrations.

Connected Detection, Investigation & Response: As part of QRadar Suite, the new Cloud-Native SIEM offers customers access to a wide set of integrated capabilities which allow for more proactive detection, investigation and response across toolsets.

With QRadar Suite organisations can gain visibility into their exposed assets via attack surface management (ASM) capabilities, search for threats across toolsets, protect at the endpoint with EDR, and connect to automated playbooks to speed response (SOAR). QRadar SIEM empowers users with shared insights and

automated actions across their core toolsets – accessed directly from their primary user interface without needing to shi` between tools.

Enterprise-Grade AI and Automation: QRadar SIEM applies multiple layers of AI and automation to drastically improve the quality of alerts and the efficiency of security analysts. These mature AI capabilities have been pre- trained on millions of alerts from IBM’s vast network of clients and are refined further post-deployment to account for each client’s unique environment. For example:

  • Alert Prioritisation: Uses AI to reduce noise and improve quality of alerts. It automatically de-prioritises low priority alerts, while automatically grouping, contextualising and escalating high priority alerts – factoring in risk context from ongoing threat intelligence and analyst response patterns. This capability allows IBM’s Cybersecurity Services team to automate 85% of alert management for clients, accelerating their threat triage timelines by 55% in the first year of use.
  • Threat Investigation: AI capability that automatically runs federated searches across connected systems, generating a visual attack timeline, MITRE ATT&CK mappings, and recommended actions – giving analysts a significant head-start on investigation tasks.
  • Adaptive Detection: QRadar SIEM’s analytics are automatically updated with new detection rules and threat intelligence on an ongoing basis to keep pace with evolving threats.

IBM’s AI security capabilities are embedded natively into the QRadar Suite analyst interface, bringing contextual insights to analysts’ fingertips and helping them take advantage of AI more intuitively within their regular workflows.

Generative AI to Advance SOC Productivity

IBM also plans to release generative AI (GAI) security capabilities via QRadar Suite in early 2024 – built on watsonx, the company’s AI and data platform. IBM is designing GAI to help optimize security teams’ time and talent by managing certain tedious tasks on behalf of analysts, while also making it easier for them to perform more challenging and higher value work. For example:

  • Automate Reporting: Create simple summaries of security cases and incidents that can be shared with a variety of stakeholders in a single click.
  • Accelerate Threat Hunting: Automatically generate searches to detect threats based on natural language descriptions of attack behaviour and patterns – helping speed response to new threat campaigns.
  • Interpret Machine-Generated Data: Helping analysts more quickly understand security log data by providing simple explanations of events that have taken place on a system – lowering technical barriers and expediting their investigations.
  • Curate Threat Intelligence: Interpret and summarise the most relevant threat intelligence, honing in on campaigns that are most likely to affect clients based on their unique risk profile.

IBM is also developing predictive GAI security capabilities which learn and create active responses that optimise over time – for instance, helping security teams find all similar incidents, update all affected systems, and patch all vulnerable code.

Beyond these use-cases, IBM plans to embed generative AI across its security software and services portfolio. These capabilities will leverage watsonx infrastructure as well as watsonx AI models, which have been trained on curated, domain-specific datasets – designed to offer greater trust, transparency and accuracy.

Share
Tweet
Post

Related posts

Scroll to Top