IBM updates IRP
IBM is merging human and machine-based intelligence with updates to its Resilient Incident Response Platform (IRP).
The platform now includes intelligent orchestration in order to improve the response process to security threats. It consolidates features like incident case management, orchestration, automation, intelligence and deep two-way partner integrations into a single platform.
The platform includes partner integrations from Cisco, McAfee, Splunk, Carbon Black, Symantec, among others. The company said the combination of these technologies will provide partners and security teams with an easy way to share data and actions between technology solutions and security tools. The platform also offers analysts enterprise-grade integrations out of the box, in addition to a new drag-and-drop business process management notation workflow engine.
“The collaboration between humans and intelligent machines is going to affect every industry,” Marc van Zadelhoff, general manager of IBM Security, said in a release. “In security, we see this manifesting itself first in the security operations center where the data only keeps growing. Companies have an opportunity with breakthroughs like AI for active threat management and intelligent orchestration to rewire incident response procedures for the age of intelligence.”
Additionally, IBM introduced a new IBM X-Force Threat Management Services system, which is part of the Resilient platform. The services were designed to automate remedial work so security analysts can focus on other tasks, such as threat hunting.
“The new IBM X-Force Protection Platform connects tools from IBM and partners with new machine learning and AI algorithms embedded to guide analysts through the entire threat management process and automates many simple functions that previously required human intervention,” wrote Zadelhoff. “Through the use of the new Resilient IRP, the system will also support the orchestration of more complex response activities using IBM and partner tools, all from within the Resilient platform.”
The system leverages three new A.I. engines capable of comparing incidents against 600,000 historical use cases. This enables the platform to automate various tasks in the threat management process, such as dismissing false positives or duplicate alerts, according to the company.
The announcement follows on the heels of IBM releasing its X-Force Threat Intelligence Index report. According to the report, the number of records breached dropped nearly 25% in 2017 as cybercriminals shifted their focus on using ransomware to lock or destroy data unless a victim pays a ransom.
