SAN FRANCISCO — IBM on Monday launched QRadar Suite, a subscription offering that combines AI-enhanced versions of IBM’s preexisting threat detection and response portfolio into one broad product.
The product is a compilation of QRadar Log Insights and new versions of QRadar SIEM, QRadar EDR and XDR, and QRadar SOAR. Log Insights, a log management and security observability tool built for the cloud, is fully new.
The other major differentiators are that the suite is being delivered first as SaaS on AWS and that all products in the platform have an interconnected interface, which IBM refers to as the “unified analyst experience,” said Chris Meenan, vice president of IBM Security Product Management.
“This interface provides sophisticated AI and automation capabilities, and shared insights and workflows between products in the suite, and can also easily connect to work with companies’ existing third-party tool sets,” Meenan said.
QRadar Suite’s AI features will be used as an automation tool to enable security analysts to focus on higher-priority work. Among the new features is AI-powered alert triage, which prioritizes security alerts via models “trained on prior analyst response patterns,” according to IBM.
Meenan said the alert triage can “accurately and automatically prioritize alerts, and automatically close low-priority alerts so that analysts can focus more narrowly on the threats that require further review.” He said IBM Managed Security Services tested the product with a group of more than 400 clients and claimed that the clients saw their overall threat management timeline sped up “by more than 50%.”
Other new features IBM cited include automated threat investigations, which identify and investigate high-priority incidents, and accelerated threat hunting, which IBM said helps security analysts “discover stealthy attacks and indicators of compromise across their environments, without moving data from its original source.”
QRadar Suite became available to purchase as a SaaS offering when announced during RSA Conference 2023. The original versions of IBM’s QRadar products will remain available and continue to be updated alongside their new counterparts. IBM declined to provide sample pricing information.
AI as a tool in security has become a growing topic of interest. Sophos last summer announced plans to develop an AI-assisted security operations center. The AI would, in concert with human professionals, be used to process large amounts of threat intelligence data to make faster response decisions.
Asked about AI in security as a whole, Meenan said the industry is reaching a maturity “tipping point.”
“After several years of trial and refinement with real-world users, and ongoing advancement of the AI models themselves, these capabilities are no longer just buzzwords or trials for early adopters,” he said. “But in many cases, we are now seeing the first enterprise-grade solutions that can be used to make a tangible impact on security operations.”
Alexander Culafi is a writer, journalist and podcaster based in Boston.