{"id":89077,"date":"2023-04-27T06:38:03","date_gmt":"2023-04-27T06:38:03","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4074636"},"modified":"2023-04-27T06:38:03","modified_gmt":"2023-04-27T06:38:03","slug":"ibm-launches-qradar-security-suite-for-accelerated-threat-detection-and-response","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=89077","title":{"rendered":"IBM launches QRadar Security Suite for accelerated threat detection and response"},"content":{"rendered":"
\"Exterior
Image: JHVEPhoto\/Adobe Stock<\/figcaption><\/figure>\n

At the RSA Conference, IBM launched a platform-centric expansion to its QRadar security product,<\/a> designed as a one-stop shop to accelerate response and offer a unified framework for security operations centers. Called QRadar Suite, the cloud native service expands capabilities across threat detection, investigation and response technologies, according to the company.<\/p>\n

The service has an integrated dashboard user experience and artificial intelligence automation for parsing threats and responses. It\u2019s designed to address the ongoing bad arithmetic around security operations centers: a threat landscape that is only expanding; more sophisticated attackers; plus an endemic shortage of human sentries to guard enterprise perimeters and kill chains.<\/p>\n

\u201cToday\u2019s Security Operation Center teams are protecting a fast-expanding digital footprint that extends across hybrid cloud environments \u2013 creating complexity and making it hard to keep pace with accelerating attack speeds,\u201d according to IBM, which also said the products are specifically meant to help buttress security operations center teams facing labor-intensive alert investigations and response processes, manual analysis and the proliferation of tools, data, points of engagement, APIs and other potential vulnerabilities.<\/p>\n

XDR, SIEM and SOAR<\/h2>\n

Keeping pace with one of the pied pipers of RSA 2023 \u2014 unified platforms over multi-vendor security \u2014 IBM said QRadar Suite includes extended detection and response, or XDR, as well as security information and event management, and security orchestration, automation and response, or SOAR. It also includes a new cloud-native log management capability \u2014 all built around a common user interface, shared insights and connected workflows.<\/p>\n

Emily Mossburg, Deloitte\u2019s global cyber leader, said SOAR is about automating the workflow, while SIEM <\/a>is the collection of security logs and events, and rules and policies to define analysis on top of that. \u201cI would consider SOAR to be security worldflow management. The vendors are sort of pushing it to help simplify the whole security operation and drive down the level of effort associated with working through incident and researching,\u201d she said.<\/p>\n

She said it comes down to dealing with a perennial shortage of security analysts.\u201cThere\u2019s an element of balancing out the talent gap and I think the reality is that there\u2019s a cost element to this. Organizations can\u2019t spend more on protecting themselves than the revenue they bring in. If you had human eyes on glass on everything all the time you couldn\u2019t afford security.\u201d<\/p>\n

IBM said its QRadar SIEM has a new unified analyst interface that provides shared insights and workflows with broader security operations toolsets. IBM said it plans to make QRadar SIEM available as a service on Amazon Web Services by the end of Q2 2023.<\/p>\n

AI, the sine qua non of security?<\/h2>\n

During RSA, many companies talked about the virtues of AI in security, particularly with the increase in alerts into SOCs and the paucity of human agents, particularly in mid-sized businesses that are perhaps more vulnerable to phishing attacks.<\/p>\n

IBM Managed Security Services said it is using AI to automate more than 70% of alert closures and reduce its alert triage timelines by 55% on average within the first year of implementation, according to the company.<\/p>\n

IBM said QRadar uses AI to:<\/p>\n