Modernized, unified interface streamlines analyst response across full attack lifecycle Sophisticated AI and automation capabilities shown to speed alert triage by average of 55%1
ARMONK, N.Y., April 24, 2023 /PRNewswire/ — Today IBM (NYSE: IBM) unveiled its new security suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar brand, spanning all core threat detection, investigation and response technologies, with significant investment in innovations across the portfolio.
Delivered as a service, the IBM Security QRadar Suite is built on an open foundation and designed specifically for the demands of hybrid cloud. It features a single, modernized user interface across all products – embedded with advanced AI and automation designed to empower analysts to work with greater speed, efficiency and precision across their core toolsets.
Today’s Security Operation Center (SOC) teams are protecting a fast-expanding digital footprint that extends across hybrid cloud environments – creating complexity and making it hard to keep pace with accelerating attack speeds. They can be slowed down by labor-intensive alert investigations and response processes, manually stitching together insights and pivoting between disconnected data, tools and interfaces. SOC professionals say they spend around one-third of their day investigating and validating incidents that turn out to not be real threats, according to a recent survey.2
Built on the company’s existing leadership in 12 security technology categories,3 IBM has rearchitected its market leading threat detection and response portfolio to maximize speed and efficiency, and to meet the specific needs of today’s security analysts. The new IBM Security QRadar Suite includes EDR/XDR, SIEM, SOAR, and a new cloud-native log management capability – all built around a common user interface, shared insights and connected workflows, with the following core design elements:
- Unified Analyst Experience: Refined in collaboration with hundreds of real-world users, the suite features a common, modernized user interface across all products: designed to dramatically increase analyst speed and efficiency across the entire attack chain. It is embedded with enterprise-grade AI and automation capabilities that have been shown to speed alert investigation and triage by 55% in the first year, on average.1
- Cloud Delivery, Speed & Scale: Delivered as a service on Amazon Web Services (AWS), QRadar Suite products allow for simplified deployment, visibility and integration across cloud environments and data sources. The suite also includes a new, cloud-native log management capability optimized for highly efficient data ingestion, rapid search and analytics at scale.
- Open Foundation, Pre-Built Integrations: The suite brings together the core technologies needed across threat detection, investigation and response – built around an open foundation, an extensive partner ecosystem, and more than 900 pre-built integrations that provide strong interoperability between IBM and third-party toolsets.
“In the face of a growing attack surface and shrinking attack timelines, speed and efficiency are fundamental to the success of resource-constrained security teams,” said Mary O’Brien, General Manager, IBM Security. “IBM has engineered the new QRadar Suite around a singular, modernized user experience, embedded with sophisticated AI and automation to maximize security analysts’ productivity and accelerate their response across each step of the attack chain.”
Co-innovation for Real-World Security Demands
The QRadar Suite is the culmination of years of IBM investment, acquisitions and innovations in threat detection and response. It features dozens of mature AI and automation capabilities that have been refined over time with real-world users and data, including IBM Managed Security Service engagements with more than 400 clients. It also includes innovations developed in collaboration with IBM Research and the open source security community.
These AI-powered capabilities have been shown to significantly improve the speed and accuracy of SOC operations: For example, allowing IBM Managed Security Services to automate more than 70% of alert closures and reduce its alert triage timelines by 55%2 on average within the first year of implementation.
Bringing these capabilities together via the unified analyst experience, the QRadar Suite automatically contextualizes and prioritizes alerts, displays data in visual format for rapid consumption, and provides shared insights and automated workflows between products. This approach can drastically reduce the number of steps and screens required to investigate and respond to threats. Examples include:
- AI-Powered Alert Triage: Automatically prioritizes or closes alerts based on AI-driven risk analysis, using AI models trained on prior analyst response patterns, along with external threat intelligence from IBM X-Force and broader contextual insights from across detection toolsets.
- Automated Threat Investigation: Identifies high-priority incidents that may warrant investigation, and automatically initiates investigation by fetching associated artifacts and gathering evidence via data mining across environments. The system uses these results to generate a timeline and attack graph of the incident based on MITRE ATT&CK framework and recommends actions to speed response.
- Accelerated Threat Hunting: Uses open source threat hunting language and federated search capabilities to help threat hunters discover stealthy attacks and indicators of compromise across their environments, without moving data from its original source.
By helping analysts respond faster and more efficiently, QRadar technologies can also help security teams improve their productivity and free up analysts’ time for higher value work.
Open, Connected and Modernized Security Suite
The QRadar Suite leverages open technologies and standards across the portfolio, alongside hundreds of pre-built integrations with IBM Security ecosystem partners. This model enables deeper shared insights and automated actions across third party clouds, point products, and data lakes, which can reduce deployment and integration times from months to days or weeks.