IBM has introduced a new generative AI-powered cybersecurity tool designed to bolster managed threat detection and response services. The IBM Consulting Cybersecurity Assistant is built to accelerate the identification and investigation of critical security threats and the response to them, addressing the increasing complexity and frequency of cyber incidents.
The tool is integrated into IBM's watsonx data and AI platform and is part of IBM Consulting's broader threat detection and response practice, as well as its AI services platform, IBM Consulting Advantage.
Mark Hughes, IBM Consulting’s global managing partner of cybersecurity services, highlighted the growing challenge for security teams in managing an overwhelming number of attacks with limited resources. The Cybersecurity Assistant aims to alleviate this burden by autonomously performing various tasks, including ticket management, running queries, log analysis, command explanations, and enriching threat intelligence.
Developed using IBM’s Granite line of foundation models, the assistant leverages watsonx Assistant for its conversational chat interface. This allows it to provide real-time insights and recommendations in a user-friendly manner for both clients and IBM security analysts.
Autonomous Task Execution: It can automatically handle up to 85% of alerts, reducing the need for manual intervention.
Historical Analysis and Recommendations: The assistant can analyze past incidents to recommend actions, speeding up threat investigations.
Timeline Creation: It can generate a visual timeline of attack sequences, offering better context for analysts during investigations.
Continuous Learning: The tool improves over time by learning from each investigation, enhancing its speed and accuracy.
IBM claims that the new tool has already proven effective, with one client reporting a 48% reduction in alert investigation times. By integrating generative AI into its Threat Detection and Response services, IBM aims to empower security analysts to respond more proactively and precisely to critical threats, ultimately improving the overall security posture for clients.