AI-Powered Predictive Threat Intelligence by IBM X-Force

To help enable autonomous security operations and predictive threat intelligence for clients, IBM today added new agentic and automation capabilities to its managed detection and response service offerings.

IBM is introducing the Autonomous Threat Operations Machine (ATOM), an agentic AI system to enable autonomous threat triage, investigation, and remediation with little assistance from humans. IBM is also announcing the X-Force Predictive Threat Intelligence (PTI) agent for ATOM, which employs AI foundation models specific to industry verticals to eliminate manual threat hunting and provide predictive threat insights on potential adversaries.

Companies are finding it tougher to detect and respond to cyber threats as those threats become more persistent and stealthy. “By delivering agentic AI capabilities, IBM is automating threat hunting to help improve detection and response processes so clients can unlock new value from security operations and free up already scarce security resources.”

Autonomous Threat Operations Machine (ATOM)

ATOM’s agentic AI framework and orchestration engine powers IBM’s Threat Detection and Response (TDR) services and is meant to enhance an organization’s current security analytics solution. It uses multiple individual agents to speed up threat detection, analyze alerts with contextualization and enrichment, perform risk analysis, develop and carry out investigation plans, and carry out remediation actions that improve the security analyst experience. This orchestration lets security teams concentrate on high-priority threats instead of spending time on false positives or lower-priority threats.

Delivering AI-based orchestration for threat detection and response is only one of the security operations center (SOC) outcomes that IBM Consulting assists customers with as a worldwide systems integrator and managed security services provider. As a vendor-neutral digital operator within the TDR platform, ATOM offers AI capabilities that interface with IBM’s current solutions as well as those of its partners, including Google Cloud, Microsoft, and others.

Advantages

85% L1 automation lets analysts focus on higher-value work

Through task automation, process simplification, collaboration improvement, and the intelligent management of digital labour, ATOM boosts company efficiency.

Find and confirm threats faster

By contextualising threats within the environment, ATOM’s predictive threat intelligence facilitates proactive threat mitigation and speeds up detection.

Reduced noisy alarms by 45% for system efficiency

ATOM operationalises the MITRE ATT&CK framework for thorough threat visibility and ongoing posture optimisation.

AI-powered Capabilities

Predictive Threat Intelligence

Use autonomous threat intelligence to proactively minimize risks. Use gen AI to create risk assessments, automate hunts, curate threat intelligence, and connect threat behavior with environmental context in order to proactively prevent attacks and set remediation priorities.

Threat Detection Insights

Use MITRE ATT&CK analysis and AI-driven insights to optimize detection posture. Use gen AI to maximize detection coverage and close important gaps. Automate reporting and management for hybrid and multi-cloud security technologies.

Advanced threat disposition scoring

Automated triage and alert dispositioning can speed up threat detection by simulating human reasoning. Use gen AI to prioritise critical alerts, discover uncommon events, automate low-risk issues, provide explainable insights, and learn from analyst behaviour.

Cybersecurity Agent – Threat Investigations

Automate threat investigation to produce insights into attacks and cross-correlate activities to speed up investigations. Use gen AI to reduce case assembly time and streamline the investigative procedure. Cross-correlate alerts, make contextual understanding easier, and aid hypothesis development to support analyst decision-making.

Cybersecurity Agent – Threat Response

Use dynamically created, decomposable playbooks to automate remediation. Use gen AI to suggest and automate response actions across protective technologies, informed by past response behaviour tailored to the threat type and attack stage. Get advice to reduce the risk of recurrence along with detailed instructions for quicker containment, eradication, and recovery procedures.

Predictive Threat Intelligence (PTI)

To assist in curating proactive threat intelligence, IBM X-Force Predictive Threat Intelligence (PTI) combines AI with skilled human analysis. PTI offers a customised, contextualised threat intelligence feed and forecasts possible attacks based on adversary behaviour. It is built on proprietary AI foundation models that have been trained on cybersecurity data.

PTI collects information from over 100 sources, including X-Force Threat Intelligence, open-source RSS feeds, APIs, and other automated sources, in addition to user-supplied organizational context, in order to identify early signs of adversary behavior and breach. PTI compiles the data into collective intelligence reports that contain suggested threat hunt queries based on the particular requirements of the company. Businesses can anticipate threats by concentrating on behavioral indicators rather than merely indicators of compromise.

Drakshi
Since June 2023, Drakshi has been writing articles on Artificial Intelligence for govindhtech. She was a postgraduate in business administration. She was an enthusiast of Artificial Intelligence.