IBM Unveils Next-Gen Cloud-Native SIEM, Enhances Security Operations with AI Innovations

In Brief

IBM has introduced an AI-enhanced version of its QRadar SIEM, engineered to perform optimally within hybrid cloud environments.

Technology giant IBM has taken a bold step by launching a revamped version of its QRadar SIEM (Security Information and Event Management) solution. According to the organization, this latest model is structured as a cloud-native framework and is strategically designed to excel in hybrid cloud ecosystems, offering scalability, speed, and adaptability.

IBM is on a mission to usher in a new age of security operations that align with the intricacies of hybrid clouds and AI technology. In addition, the company expressed its goal to integrate state-of-the-art AI functionalities into its arsenal for threat detection and response, leveraging the capabilities of watsonx, the robust data and AI platform that the company provides.

"Our latest cloud-native QRadar SIEM utilizes a distinctive combination of AI and automation to greatly enhance the speed and efficiency of security teams when addressing potential threats. QRadar employs both supervised and unsupervised machine learning methodologies to uncover signs of compromise and recommend actions based on historical data, outside threat contexts, and actions taken by analysts," Adam Frank, CTO of Security Intelligence at IBM Security, told Metaverse Post.

IBM emphasizes that the rapid growth and intricacy of contemporary hybrid cloud systems have significantly broadened the attack surface, necessitating comprehensive security measures. As the IT landscape evolves, discerning real threats amid the noise generated by various technologies, manual searches, and an avalanche of alerts without clear context becomes ever more daunting.

IBM’s recent global survey research shows that professionals in security operations centers (SOC) manage to address less than half (49%) of alerts during a standard workday, highlighting the pressing need for a more efficient approach.

Frank further stated that the company is leveraging AI technology to enhance the integrity of security alerts, focusing on those that demand immediate attention, while also assisting teams in initiating certain investigative tasks such as threat hunting.

Harnessing AI for Enhanced Cloud Security

IBM states that its QRadar Cloud-Native SIEM builds on QRadar’s longstanding 13-year legacy of excellence in security analytics. The newly launched edition features a re-engineered architecture optimized for efficient data ingestion, swift search capabilities and scalable analytics.

Positioned as a key component of IBM's integrated suite of threat detection and response software, QRadar Suite, the Cloud-Native SIEM is designed to enhance the daily operations of security analysts. The organization claims it employs AI to handle time-intensive and redundant tasks, allowing analysts to focus on identifying and addressing critical threats more proficiently.

Developed on Red Hat OpenShift, the QRadar SIEM features an open architecture aimed at promoting enhanced interoperability across a spectrum of vendor tools and cloud services. The platform adopts open-source standards for detection protocols and search languages, enabling seamless integration with an extensive array of security and technology ecosystems.

In addition, it adopts a standardized, universal language for detection protocols (SIGMA), allowing clients to effortlessly bring in new, community-sourced detections as threats evolve.

IBM boasts that QRadar has one of the industry's largest partner ecosystems, featuring over 700 pre-existing integrations, fostering collaboration across diverse security technologies.

"Security analysts commonly face challenges arising from the use of numerous disconnected tools, which ultimately hampers their efficiency, consuming time on integrations, and potentially causing them to overlook significant threats," commented IBM Security’s Frank. "Utilizing a SIEM built on open technologies and standards creates an inherently interoperable foundation, enabling teams to dedicate more time to identifying and addressing threats, rather than grappling with convoluted integrations or switching between different tools."

Frank also noted that the QRadar SIEM platform integrates multiple layers of AI and automation to enhance the quality of alerts and the overall efficacy of security analysts. These AI capabilities, pre-trained on a multitude of client alerts, are meticulously tailored post-deployment to fit each client's specific environment.

Standout features encompass alert prioritization, threat assessment, and adaptive detection to keep pace with advancing threats. IBM’s AI-driven security features have been woven into the QRadar Suite analyst interface, offering contextual insights and embedding AI into analysts' everyday workflow seamlessly.

"Foundation models build on the foundations of LLMs’ straightforward language processing while dramatically expanding or surpassing the current parameter volume bound to AI. This renders them innately insightful, enabling the tools they power to be more adaptable and capable of evolving alongside changing threats," explained Frank from IBM Security to Metaverse Post. "AI models also have the potential to generate fresh content, establish connections, and acquire new information in real-time, delivering insights to analysts in natural language. This implies that analysts can be liberated from mundane, routine tasks—those can be managed by AI, enabling them to concentrate on high-priority alerts and tasks that add significant value."

IBM claims that the federated search functionality of QRadar SIEM enables users to swiftly query data from any integrated data source within their environment, utilizing a query pattern recognized as STIX. The updated SIEM can connect with various data sources internally, execute queries, and return results in a unified data schema designed for security analysts to utilize in addressing security-related tasks.

IBM's Vision for Generative AI Security Developments

IBM has outlined plans to introduce generative AI (GAI) security enhancements through the QRadar Suite, anticipated in early 2024 and built upon the infrastructure of watsonx, IBM’s AI and data platform.

GAI is aimed at optimizing the time and skill sets of security teams by automating repetitive tasks, freeing analysts to delve into more complex and valuable work. Possible implementations include automating reporting, accelerating threat investigations, simplifying the analysis of machine-generated data, and curating relevant threat intelligence.

Furthermore, IBM is developing predictive GAI security functionalities designed to evolve continuously over time. These capabilities aim to help security teams efficiently manage incidents, update affected systems, and patch vulnerabilities.

"The most significant transformation we anticipate from generative AI within the industry will be its power to supercharge our analysts, easing their burdens and taking over tasks that machines can efficiently handle. This will empower our security teams to dedicate their efforts to high-value challenges and gratifying work," stated Frank from IBM Security. "IBM will continue to pursue its goal of trustworthy AI with generative AI, utilizing its capabilities to streamline our offerings and enhance the speed and precision of our solutions."

Committing to open standards and seamless AI integration, IBM adopts a proactive strategy to tackle the escalating obstacles presented by modern hybrid cloud security. Initially, the Cloud-Native SIEM is scheduled for release as a Software as a Service (SaaS) in Q4 2023, with plans to expand into on-premises and multi-cloud implementation options throughout 2024.
