Another key component for connecting machine and human intelligence is the new IBM X-Force Threat Management Services, which uses a patented artificial intelligence (AI) engine that automates how IBM Security Services manages active threats for clients. Through the use of three different artificial intelligence engines, the platform compares incidents against 600,000 historical use cases and can help automate certain steps in the threat management process which would normally require human intervention.
Together, these new technologies and services tackle an emerging issue around how humans and machine intelligence work together in highly complex environments to solve problems. Security operations centers (SOC) are a hotbed of activity – with companies managing over 200,000 security events per day on average, hundreds of which are incidents that require analysts to take action and resolve. The combination of Intelligent Orchestration and AI technologies provide the full context of the incident, giving companies a guided path to respond quickly and analysts more time to focus on complex and priority threats.
“The collaboration between humans and intelligent machines is going to affect every industry,” said Marc van Zadelhoff, General Manager, IBM Security. “In security, we see this manifesting itself first in the security operations center where the data only keeps growing. Companies have an opportunity with breakthroughs like AI for active threat management and Intelligent Orchestration to rewire incident response procedures for the age of intelligence.”
Resilient Adds Intelligent Orchestration Capabilities to Incident Response Platform
Over the past nine months, IBM has invested nearly 200,000 hours of research and development to create the new next-generation Resilient Incident Response Platform with Intelligent Orchestration.
A recent report from leading research firm Gartner reveals their Security Operations and Response (SOAR) model as having three essential components: Security Orchestration and Automation, Security Incident Response Platforms, and Threat Intelligence Platforms. With this release, IBM Resilient delivers all three pillars of SOAR within a single integrated platform.
Security analysts can now orchestrate and automate hundreds of time-consuming, repetitive, and complicated response actions that previously required significant human intervention across their SOC tools. The new platform provides analysts with enterprise-grade, integrations out of the box and a new drag-and-drop business process management notation (BPMN) workflow engine. This enables security teams to build more powerful Dynamic Playbooks that direct analysts through a fast, accurate, and expert-level response process, and ensures the right incident information is delivered exactly when they need it. The new platform allows analysts to move and re-use integrations without needing to understand the technical or implementation background. As a result, organizations can improve the speed and agility of their response process and achieve rapid time to value of their security investments.
Core to Intelligent Orchestration’s power is the robust ecosystem of partner integrations, also announced today, featuring partners such as Cisco, McAfee, Splunk, Carbon Black, Symantec, and others. Together with these partner technologies, security teams have an open and easy way to share data and actions between technology solutions and security tools. The platform automatically initiates activities across partner technologies, such as monitoring and escalation, identification and enrichment, communication and coordination, and containment, response, and recovery. For more information on the ecosystem and a full list of integrations, visit IBM Resilient’s integrations page.
To learn more about the IBM Resilient Incident Response Platform with Intelligent Orchestration, visit: https://www.resilientsystems.com/
Embedding Intelligence into Threat Management
Another innovation that will change the way security analysts and technologies interact is a new patented artificial intelligence engine, which has been designed to enhance the way IBM Security Services manages active threats for clients as part of the new X-Force Threat Management Services.
IBM Security Services analysts will be able to orchestrate the full threat management lifecycle more efficiently than ever through the use of a new technology platform customized specifically for this service. The new IBM X-Force Protection Platform connects tools from IBM and partners with new machine learning and AI algorithms embedded to guide analysts through the entire threat management process, and also automates many simple functions which previously required human intervention.
The platform uses new AI engines to help “triage” an incident during early phases of threat investigation, comparing incidents against IBM Security Services real time and historical data, such as 600,000 historical use-cases, active campaigns already under investigation, current threat and vulnerability data, contextual insights from Watson for Cybersecurity, and more. Using this additional level of analysis, the system can automatically initiate certain actions such as dismissing false positive or duplicate alerts, implementing a virtual quarantine on an infected endpoint, or escalating the incident for further investigation by a higher level analyst.
Through the use of the new Resilient IRP, the system will also support the orchestration of more complex response activities using IBM and partner tools – all from within the Resilient platform.
The X-Force Protection Platform will be leveraged by thousands of IBM Security analysts working in state of the art IBM X-Force Command Centers around the world. This can be complemented expert consulting services like X-Force Red Offensive Security Services & X-Force Incident Response & Intelligence Services (IRIS).
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and has been granted more than 8,000 security patents worldwide. For more information, please check www.ibm.com/security, follow IBMSecurityon Twitter or visit the IBM Security Intelligence blog.
IBM Deutschland GmbH
Schönaicher Str. 220
71032 Böblingen
Telefon: +49 (7034) 15-0
Telefax: +49 (711) 785-3511
http://www.de.ibm.com
Unternehmenskommunikation
Telefon: +49 (7034) 151887
E-Mail: hansrehm@de.ibm.com