IBM Launches Cloud-Native SIEM, Bolsters Security Operations with AI

Share this article

• 
• 
• 
• 
• 

by Victor Dey

Published: November 07, 2023 at 6:00 am Updated: November 07, 2023 at 4:49 am

To improve your local-language experience, sometimes we employ an auto-translation plugin. Please note auto-translation may not be accurate, so read original article for precise information.

Technology giant IBM today launched an upgraded version of its QRadar SIEM (Security Information and Event Management) technology. According to the company, the latest iteration is architected as a cloud-native solution and has been purpose-built to excel in hybrid cloud environments — providing scale, speed and flexibility.

IBM said it aims to transition into a new era of security operations, tailored to the hybrid cloud and AI landscape. Furthermore, the company also revealed its intentions to incorporate cutting-edge AI capabilities into its threat detection and response arsenal, harnessing the power of watsonx — the company’s enterprise-grade data and AI platform.

“Our new cloud-native QRadar SIEM uses a unique combination of AI and automation that is designed to maximize security teams speed and efficiency as they respond to threats. QRadar uses both supervised and unsupervised machine learning techniques to detect indicators of compromise and recommend remediations based on historical data, external threat contexts, and analyst actions,” Adam Frank, CTO of Security Intelligence at IBM Security told Metaverse Post.

IBM asserts that the rapid expansion and complexity of modern hybrid cloud environments have significantly expanded the attack surface, necessitating robust security measures. This growth in the IT landscape has made it increasingly challenging to swiftly identify genuine threats amidst the noise generated by disparate technologies, manual search processes, and a deluge of alerts lacking clear context or visual representation.

IBM’s recent global survey found that security operations center (SOC) professionals address less than half (49%) of the alerts within a typical workday, illustrating the urgency for a more streamlined approach.

Frank added that the company is utilizing AI to help improve the quality of security alerts and prioritize those that are most important, and also to help teams jump start certain tasks like threat hunting.

Leveraging AI to Strengthen Cloud Security

IBM said its QRadar Cloud-Native SIEM builds upon QRadar’s impressive 13-year track record and its reputation for deep security analytics. The new version comprises of a redesigned architecture that excels in highly efficient data ingestion, rapid search and scalable analytics.

As an integral addition to the IBM’s integrated portfolio of threat detection and response software QRadar Suite, the Cloud-Native SIEM aims to enhance the daily work of security analysts. The company said it leverages AI to manage time-consuming and repetitive tasks, enabling analysts to identify and respond to high-priority threats more effectively.

Built on Red Hat OpenShift, the QRadar SIEM is designed with an open foundation that aims to promote deeper interoperability with multiple vendor tools and cloud platforms. The platform leverages open-source standards for detection rules and search language, facilitating seamless integration with broader security and technology ecosystems.

Moreover, it utilizes a common, shared language for detection rules (SIGMA), enabling clients to easily import new, crowd-sourced detections from the security community as threats evolve.

IBM assets that QRadar boasts one of the industry’s largest partner networks, with over 700 pre-built integrations, facilitating collaboration with various security technologies.

“Security analysts are faced with the challenge of using too many disconnected tools, which ultimately slows them down, taking up time with integrations, and potentially missing threats as a result,” said IBM Security’s Frank. “Having a SIEM that is built on open technologies and standards creates more natively interoperable foundation, so teams can spend more time finding and responding to threats and less time on complicated integrations or flipping between tools.”

Frank further added that QRadar SIEM platform incorporates multiple layers of AI and automation to enhance alert quality and the efficiency of security analysts. These AI capabilities, pre-trained on millions of client alerts are fine-tuned post-deployment to suit each client’s unique environment.

Notable features include alert prioritization, threat investigation and adaptive detection to stay current with evolving threats. IBM’s AI security capabilities have also been integrated into the QRadar Suite analyst interface, providing contextual insights to analysts and making AI an intuitive part of their regular workflow.

“Foundation models build on LLMs’ simple language processing and significantly augment or supersede the current volume of parameters that AI is bound to. This makes them inherently insightful, enabling the tools they power to be more adaptive, and capable of evolving in tandem with mutating threats,” IBM Security’s Frank explained Metaverse Post. “AI models can also generate new content, create connections, and learn additional content in real-time, providing insights to analysts in natural language. This means that analysts don’t need to be bogged down by mundane, repetitive tasks – those can be performed by the AI, in order for analysts to focus on high value tasks and top priority alerts.”

IBM claims that QRadar SIEM’s federated search capability which allows users to quickly query data from any connected data source in the environment, utilizing an open source query patterning called STIX. The new SIEM can connect to different data sources within the environment, issue searches and bring back results in a common data schema which the security analysts can use to satisfy security use cases.

IBM’s Future Plans for Generative AI Security Capabilities

IBM has outlined plans to introduce generative AI (GAI) security capabilities through the QRadar Suite in early 2024, built on the foundation of watsonx, the company’s AI and data platform.

GAI aims to optimize security teams’ time and talent by automating routine tasks, allowing analysts to focus on more complex and high-value work. Potential applications include automating reporting, expediting threat hunting, simplifying the interpretation of machine-generated data, and curating relevant threat intelligence.

Additionally, IBM is developing predictive GAI security capabilities designed to continuously improve over time. These capabilities aims to help security teams efficiently address incidents, update affected systems and patch vulnerabilities.

“The biggest impact we can expect to see from generative AI on the industry: it will supercharge our analysts, relieving pressure and taking over tasks that machines are capable of managing in order for our security teams to tackle high value issues and rewarding work,” said IBM Security’s Frank. “IBM will continue driving toward its mission of trustworthy AI with generative AI, leveraging its capabilities to simplify our portfolio as well as improve the speed and accuracy of our solutions.”

With a commitment to open standards and AI integration, IBM is taking a proactive approach to address the growing challenges in modern hybrid cloud security. The Cloud-Native SIEM is slated for initial delivery as Software as a Service (SaaS) in Q4 2023, with plans to roll out on-premises and multi-cloud deployment options in 2024.

About The Author

Victor is a Managing Tech Editor/Writer at Metaverse Post and covers artificial intelligence, crypto, data science, metaverse and cybersecurity within the enterprise realm. He boasts half a decade of media and AI experience working at well-known media outlets such as VentureBeat, DatatechVibe and Analytics India Magazine. Being a Media Mentor at prestigious universities including the Oxford and USC and with a Master's degree in data science and analytics, Victor is deeply committed to staying abreast of emerging trends. He offers readers the latest and most insightful narratives from the Tech and Web3 landscape.

More articles

Victor Dey

• 

Victor Dey

Victor is a Managing Tech Editor/Writer at Metaverse Post and covers artificial intelligence, crypto, data science, metaverse and cybersecurity within the enterprise realm. He boasts half a decade of media and AI experience working at well-known media outlets such as VentureBeat, DatatechVibe and Analytics India Magazine. Being a Media Mentor at prestigious universities including the Oxford and USC and with a Master's degree in data science and analytics, Victor is deeply committed to staying abreast of emerging trends. He offers readers the latest and most insightful narratives from the Tech and Web3 landscape.

More articles