29.07.2024

IBM Incorporates AI for Enhanced Managed Security Services

IBM is introducing new AI-driven threat detection and response services designed to assist network and security operations teams in swiftly and effectively handling cyber threats. These services utilize AI models that learn from actual client data, enabling automatic resolution of low-priority and false-positive alerts based on enterprise-defined criteria.

Under the management of the IBM Consulting group, the Threat Detection and Response (TDR) Services offer continuous monitoring, investigation, and automated remediation of security alerts from existing security tools, cloud systems, on-premises infrastructure, and operational technology systems within the enterprise network. The services can integrate data from over 15 security information and event management (SIEM) tools and various third-party endpoint and network detection and response solutions.

The goal is to help enterprises manage the numerous vulnerabilities, alerts, and security tools they encounter daily. By leveraging AI and analytics, these new managed services can filter out unnecessary alerts, allowing IT teams to concentrate on critical threats, IBM stated.

IBM’s new TDR Services, available immediately, typically operate without needing agents to collect information from the enterprise environment, including servers, endpoints, and other devices. Combining data from IBM X-Force’s global sensor network and intelligence analysis, the services utilize AI models and tools to eliminate client-defined, non-critical issues and false positives, automatically generating high-risk alerts that require immediate attention from security teams while providing investigation context, according to IBM.

“IBM’s Managed Detection and Response (MDR) can identify threats across the entire IT estate, conduct network-based detections including full packet capture and inspection, and detect various malicious activities such as ransomware and evasive malware. The service also includes attacker behavior analytics,” stated a recent MDR report from KuppingerCole.

“IBM MDR can execute predefined containment actions automatically, such as terminating processes and network sessions, isolating hosts, blocking communications by port and IP, quarantining files, conducting sinkholing, and preventing registry changes,” KuppingerCole noted.

IBM’s MDR services compete in a broad market that includes similar offerings from Arctic Wolf, eSentire, Fortinet, Proficio, ReliaQuest, and Sophos, according to KuppingerCole.

Managed security services are driving growth in the broader IT managed services market, as per a recent study by Canalys commissioned by Cisco. The study indicated that while total IT spending is expected to increase by 3.5% globally in 2023, IT managed services revenue is projected to grow by 12.7%.

Cybersecurity and cyber-resilience services, in particular, are contributing to this growth. “In response to evolving threats, we will see growth in networking and endpoint management, along with a rise in detection and response. Demand for compliance will also increase due to new regulations,” Canalys reported. “A move towards increased specialization will focus on areas like data analytics and AI to optimize processes and systems, making services more predictive and proactive.”

The adoption of MDR is often a response to security breaches, regulatory requirements, mergers and acquisitions, and heightened demand from organizational boards for improved cybersecurity status reporting, according to KuppingerCole analysts. Other factors include the rapid adoption of cloud services and the need to secure critical cloud data, the recognition of ransomware as a significant cybersecurity threat, the expansion of IT environments to include mobile, edge, and cloud computing, the adoption of remote/hybrid work post-pandemic, and the rapid increase in organizational data production, the analyst group found.

“For many organizations, MDR is the only way to consolidate all security threats, tools, and systems into a single control point to address and resolve all alerts, monitor and respond to all indicators of potential compromise by analyzing all security data, and assess the effectiveness of existing controls to identify areas for improvement,” KuppingerCole stated.