IBM debuts automated, AI-powered platform QRadar Security Suite to accelerate threat detection and response
IBM Corp. today announced a new security suite called IBM Security QRadar Security Suite that’s aimed at unifying and accelerating threat detection, investigation and response across the entire incident lifecycle.
Built on an open foundation and designed for multicloud operations, the suite makes every capability accessible through a single, modernized user interface that provides embedded automation and artificial intelligence functionality, IBM said.
IBM’s QRadar Security Suite encompasses endpoint detection and response, extended detection and response, security information and event management, and security orchestration, automation and response capabilities, together with cloud-native log management. Combined, these EDR, XDR, SIEM and SOAR features ensure security analysts can respond to any and all threats with maximum speed and efficiency, IBM said.
According to the company, security analysts benefit from a more unified experience and simplified, cloud-based delivery, as QRadar is delivered as a service on Amazon Web Services. It’s built on core, open-source technologies and offers more than 900 prebuilt integrations with third-party security tools. IBM said it’s available now through various individual software-as-a-service offerings or a QRadar suite license.
“IBM has engineered the entire QRadar Security Suite portfolio around a singular, modernized user experience, embedded with sophisticated AI and automation to maximize security analysts’ productivity and accelerate their response across each step of the attack chain,” said IBM Security General Manager Mary O’Brien.
It’s the built-in AI and automation capabilities that really stand out, as IBM says they have been shown to deliver a significant improvement in the speed and accuracy of security operations center operations. They include features such as an AI-powered alert triage system that automatically prioritizes and closes alerts using AI models trained on prior security analyst response patterns and external threat intelligence.
The automated threat investigation tools are able to identify high-priority incidents that warrant investigation and automatically start that process by fetching associated artifacts and gathering other evidence through data mining. In this way, the system can automatically generate a timeline and attack graph of the incident, and recommend next steps.
Meanwhile, accelerated threat hunting tools use open-source “threat hunting packages” together with federated search to discover “stealthy attacks” and indicators of compromise across a company’s systems.
Constellation Research Inc. analyst Holger Mueller said security operations are changing rapidly from something that’s operator-driven to AI-driven. “The challenges companies face around security have surpassed the level of human processing and productivity, and there are simply not enough professionals to go around,” Mueller said. “So it makes perfect sense for IBM to deliver AI-powered alert triage and automated threat investigations that can help enterprises overcome these difficulties.”
IBM said unifying all of these capabilities into one experience enables security teams to contextualize and prioritize any incidents that occur more effectively while reducing the number of steps required to respond to threats. In this way, it enables teams to increase productivity and free themselves to focus on higher-value work.
Photo: Mikita Yo/Unsplash