IBM is evolving its flagship IBM QRadar SIEM product, redesigning on a new cloud-native architecture, built specifically for hybrid cloud scale, speed, and flexibility.
IBM also unveiled plans for delivering generative AI capabilities within its threat detection and response portfolio—leveraging watsonx, the company's enterprise-ready data and AI platform.
According to the company, the new cloud-native QRadar SIEM is built to maximize the power of today's security teams. It is designed to augment and up-level security analysts daily work—tapping AI to manage time-consuming and repetitive tasks while empowering security analysts to find and respond to high priority security incidents more effectively.
"Our new cloud native SIEM is a core element of IBM's mission to usher in the next generation of security operations, built for the hybrid cloud and AI era," said Kevin Skapinetz, vice president, strategy and product management, IBM Security. "Instead of forcing analysts to work around the complexity of security technologies, we're designing technology to remove the complexity – weeding out the noise, simplifying the user experience, and empowering analysts to tackle urgent threats with greater speed and confidence."
IBM's cloud-native SIEM builds on QRadar's 13 years market leadership and analyst recognition2 for deep security analytics—with a redesigned architecture for highly efficient data ingestion, rapid search, and analytics at scale. Built on an open foundation, it is the newest addition to QRadar Suite, IBM's integrated portfolio of threat detection and response software.
The new cloud-native QRadar SIEM will be generally available as SaaS in Q4 2023, with plans to offer software for on-premises and multi-cloud deployment in 2024.
Built on Red Hat OpenShift, QRadar SIEM is designed to be open at a foundational level – allowing for deeper interoperability with multi-vendor tools and clouds.
It leverages open source and open standards for core functions including detection rules and search language—allowing it to work across companies' broader security and technology stacks.
As part of QRadar Suite, the new cloud-native SIEM offers customers access to a wide set of integrated capabilities which can allow for more proactive detection, investigation, and response across toolsets.
With QRadar Suite, organizations can gain visibility into their exposed assets via attack surface management (ASM) capabilities, search for threats across toolsets, protect at the endpoint with EDR, and connect to automated playbooks to speed response (SOAR).
QRadar SIEM empowers users with shared insights and automated actions across their core toolsets—accessed directly from their primary user interface, without needing to shift between tools.
QRadar SIEM applies multiple layers of AI and automation to improve the quality of alerts and the efficiency of security analysts. These mature AI capabilities have been pre-trained on millions of alerts from IBM's vast network of clients and are refined further post-deployment to account for each client's unique environment.
IBM also plans to release generative AI security capabilities for QRadar Suite in early 2024—built on watsonx, the company's AI and data platform.
IBM is also developing predictive generative AI security capabilities which will be trained to create active responses that optimize over time—for instance, helping security team find similar incidents, update affected systems and patch vulnerable code.
Beyond these use-cases, IBM plans to embed generative AI across its broader security software and services portfolio.
These capabilities will leverage watsonx infrastructure as well as watsonx AI models, which have been trained on curated, domain-specific datasets—designed to offer greater trust, transparency, and accuracy, according to the company.
For more information about this news, visit www.ibm.com.