Unlocking Security Team Potential: IBM Launches Cloud-Native SIEM

By Greg Tavarez, TMCnet Editor  |  November 14, 2023

The pace of evolution and scaling, when it comes to hybrid technology, is on the rise – it's in plain sight in front of us. With that said, this rapid growth, while promising greater efficiency and connectivity, brought about an unintended consequence: a larger and more intricate attack surface for organizations to safeguard. As businesses continue to adopt hybrid cloud solutions that combine on-premises and cloud-based resources, the security challenges become more daunting.

The complexity of today's hybrid cloud environments is further exacerbated by the volume of security alerts generated by these systems. In fact, a recent global survey revealed a disconcerting reality for SOC professionals – they can review less than half of the alerts that inundate their workdays. This statistic is proof that there is an urgent need for solutions to streamline threat detection, contextualize alerts and improve visualizations, all of which are essential to fortify the digital defenses of organizations in an era where cyber threats loom large.

IBM is set to spearhead that initiative with a major evolution of its flagship IBM (News - Alert) QRadar SIEM product: redesigned on a new cloud-native architecture, built specifically for hybrid cloud scale, speed and flexibility.

QRadar SIEM is part of the QRadar Suite and offers integrated features for enhanced threat detection and response, including attack surface management, cross-toolset threat searches, EDR for endpoint protection and automated playbooks.

QRadar SIEM, built on Red Hat (News - Alert) OpenShift, allows for seamless interoperability with a multitude of tools and cloud platforms, employing open-source and open standards for critical functions such as detection rules and search language. This versatility enables it to seamlessly integrate into an organization's broader security and technology infrastructure. Notably, it gets the most out of the security community by using common detection rules, which enable the importation of new, crowd-sourced threat detections as cyber threats evolve.

One of QRadar SIEM's standout features is its capacity to investigate across diverse data sources, thanks to federated search and threat hunting capabilities based on open-source technologies. This allows security analysts to proactively hunt for and investigate threats across cloud and on-premise data sources without having to move the data from its original location. The system further benefits from a vast partner network, boasting more than 700 pre-built integrations, enhancing its overall utility.

In addition,  QRadar SIEM leverages AI to streamline alert management, automating low-priority alerts and enriching high-priority ones with context. This has led to automation of alert handling and faster threat triage. It also expedites investigations by conducting federated searches, generating visual attack timelines, and adapting to evolving threats through continuous updates.

"Our new cloud native SIEM is a core element of IBM's mission to usher in the next generation of security operations, built for the hybrid cloud and AI era," said Kevin Skapinetz, vice president, strategy and product management, IBM Security.

Speaking of AI, IBM also unveiled plans for delivering generative AI capabilities within its threat detection and response portfolio – leveraging watsonx, the company's enterprise-ready data and AI platform.

This strategy aims to optimize the efficiency of security teams by handling mundane tasks on behalf of analysts, enabling them to focus on more complex, high-value work. GAI's features include automating report generation for security cases and incidents, expediting threat hunting through natural language-based threat detection searches, simplifying the interpretation of machine-generated data from security logs and curating relevant threat intelligence tailored to a client's unique risk profile.

"Instead of forcing analysts to work around the complexity of security technologies, we're designing technology to remove the complexity – weeding out the noise, simplifying the user experience, and empowering analysts to tackle urgent threats with greater speed and confidence,” said Skapinetz.

The new cloud-native QRadar SIEM will be generally available as SaaS (News - Alert) in Q4 2023, with plans to offer software for on-premises and multi-cloud deployment in 2024.

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]