IBM Resilient enterprise security platform merges human, machine learning

IBM says that combining both human and machine intelligence gives us the best chance of responding to incidents before security breaches occur.
Written by Charlie Osborne, Contributing Writer

IBM has upgraded the Resilience enterprise security platform to harness both human and machine intelligence for incident response.

The new orchestration capabilities bring together the best of both worlds -- the expertise of cybersecurity professionals and machine learning (ML), which can be utilized to take the manual labor and strain off human partners, the tech giant said on Monday.

According to the firm, the Resilient Incident Response Platform (IRP) will "dramatically accelerates and sharpens incident response by seamlessly combining incident case management, orchestration, automation, intelligence, and deep two-way partner integrations into a single platform."

Threat actors and cybercrime are placing immense pressure on companies and their security teams which often find themselves understaffed and underfunded. Cisco suggests that last year, security teams were only able to investigate 56 percent of daily security threats, which leaves 44 percent of alerts unexplored on average.

However, machine learning and artificial intelligence systems may become key tools which reduce this pressure, allowing security staff to focus on key areas without being bogged down in false positives and alerts which often reach the thousands on a daily basis.

IBM's solution aims to shoulder this task. The platform can be set up to orchestrate and automate incident response alerts and actions which would otherwise require human operators, supported by a business process management notation (BPMN) workflow engine.

The IBM X-Force Threat Management Services system, which is connected to the Resilience service, combines three artificial intelligence engines to manage threat events.

"This [...] direct analysts through a fast, accurate, and expert-level response process, and ensures the right incident information is delivered exactly when they need it," IBM says. "The new platform allows analysts to move and re-use integrations without needing to understand the technical or implementation background. As a result, organizations can improve the speed and agility of their response process and achieve rapid time to value of their security investments."

Partners including Cisco, McAfee, Splunk, Carbon Black, and Symantec have also joined the platform, which, it is hoped, will promote security event sharing.

"The collaboration between humans and intelligent machines is going to affect every industry," said Marc van Zadelhoff, General Manager of IBM Security. "In security, we see this manifesting itself first in the security operations center where the data only keeps growing."

"Companies have an opportunity with breakthroughs like AI for active threat management and Intelligent Orchestration to rewire incident response procedures for the age of intelligence," the executive added.

See also: IBM adept at transformation amidst market changes: APAC CEO

Earlier this month, IBM X-Force said in the team's annual Threat Intelligence Index that there has been close to a 25 percent drop in compromised records as threat actors move towards ransomware instead of outright data theft.

IBM suggests that ransomware began to take over the criminal hacking scene in 2017. This particular form of malware's potential to generate income from everyone from individuals to large enterprises was best highlighted by the WannaCry campaign, which debilitated healthcare organizations worldwide.

The top open-source rookies, projects in 2018

Previous and related coverage

Editorial standards