The Resilient Incident Response Platform updates reduce response time by “orchestrating all the parts of the response process across people, process, and technology,” said John Pinkham, marketing communications manager at IBM Resilient. It maps out the steps each team — including human resources, legal and compliance, and security — should take, depending on the type of threat.
The platform now includes built-in partner integrations from Cisco, McAfee, Splunk, Carbon Black, Symantec, and others. It also comes with a new drag-and-drop business process management notation workflow engine that automates monitoring, identification, containment, and response across a company’s internal security tools and partner technologies.
“The new intelligence orchestration capabilities are enabled by deep, two-way integrations between the Resilient platform and other technologies that companies are already using within their security environment — such as security event monitoring tools, endpoint management tools, and others,” said Wangui McKelvey, director of product marketing at IBM Security Services. “Using these integrations and pre-defined playbooks, those using the platform can initiate specific actions to take place across different security tools all from within the Resilient platform, instead of having to switch tools and manually initiate additional steps.”
IBM also beefed up its managed security services offering with three new AI engines. The updates allow the service to compare incidents against 600,000 historical use cases and incidents already under investigation. This extra analysis helps the system automate certain steps in the threat management process such as dismissing false positives and implementing a quarantine on an infected endpoint.
“The AI engines being used for the Threat Management Services are new IBM patented algorithms that are being embedded into the platform our security analysts are using to perform this service,” McKelvey said. “For instance, there is a new algorithm we’ve patented called advanced threat disposition scoring, which helps further categorize threats by comparing them with historical and ongoing incidents that have been managed by IBM Security Services team globally.”
IBM Threat Index
The additional AI capabilities follow a report IBM published earlier this month that said humans are the weakest link in network security.
Beyond misconfigured cloud, individuals lured via phishing attacks represented one-third of inadvertent activity that led to a security event in 2017.
Despite human error, the number of records breached dropped nearly 25 percent in 2017, according to the report. Last year, more than 2.9 billion records were reported breached, down from 4 billion disclosed in 2016.
Echoing another recent security report from Verizon, IBM said ransomware reigned in 2017, citing attacks including WannaCry, NotPetya, and Bad Rabbit. While these caused chaos across industries — and cost organizations more than $8 billion in 2017 — they did not contribute to the total number of compromised records reported.