IBM has announced new AI capabilities for its Threat Detection and Response (TDR) services, promising more automation and efficiency for enterprise security teams. The tech giant is incorporating advanced analytics and real-time threat intelligence to help organizations monitor, investigate, and respond to security threats across hybrid cloud environments.
The new TDR services provide 24/7 monitoring and support from IBM security analysts. The underlying platform applies AI models trained on real-world client data from IBM's global security services. This enables automated alert prioritization and a potential reduction in false positives.
Specifically, IBM claims its AI can automatically close up to 85% of low-priority security alerts and escalate high-risk threats that need immediate response. This should help reduce alert fatigue for analysts and speed up investigation workflows. The TDR services also auto-recommend optimized detection rules based on insights from IBM's threat management engagements.
According to Chris McCurdy, GM of IBM Cybersecurity Services, AI-powered TDR can "augment organization's security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow's threats." The company monitors over 2 million endpoints and 150 billion events per day.
TDR services integrate with clients' existing security tools through open APIs, avoiding rip-and-replace costs. Customers gain unified visibility and can enforce consistent policies across hybrid environments. IBM provides access to its expert X-Force cybersecurity team for ongoing guidance and maturity assessments.
IBM is positioning its TDR services to help organizations move to more proactive security postures. Features like MITRE ATT&CK framework gap assessments, detection optimization, and adversary simulations aim to strengthen defenses and reduce business risk.
As threats continue to outpace security teams, AI and automation will become increasingly critical for effective cybersecurity. IBM is leaning into its scale, resources and experience to productize these capabilities for enterprises worldwide. However, success will depend on seamless integration and continued human-machine collaboration.