IBM is launching a suite of AI-based managed services aimed at enhancing the capabilities of network and security operations teams in their battle against cyber threats. These Threat Detection and Response (TDR) Services, managed by the IBM Consulting Group, offer round-the-clock monitoring, investigation, and automated remediation of security alerts stemming from a range of sources, including existing security tools, cloud services, on-premises systems, and operational technology networks within the enterprise.
One of the key features of these services is their ability to consolidate information from more than 15 security information and event management (SIEM) tools, as well as multiple third-party endpoint and network detection and response solutions. The overarching goal is to assist enterprise customers in managing the deluge of vulnerabilities, alerts, and security tools they encounter daily. By leveraging AI and advanced analytics, these managed services aim to automate the process of filtering out noise, enabling IT teams to focus their efforts on addressing critical threats to the organization.
IBM’s TDR Services, now available, typically do not require agents to collect information from customers’ enterprise environments, such as servers, endpoints, and other devices. Combined with insights from IBM X-Force’s global network of sensors and intelligence analysis, these services utilize AI models and tools to identify and prioritize high-risk alerts, allowing security teams to take immediate action while providing valuable investigation context.
According to a recent managed detection and response (MDR) report from KuppingerCole, IBM’s MDR services boast the capability to detect threats across the entire IT estate, including network-based detections and full packet capture and inspection, along with the identification of various malicious activities such as ransomware and evasive malware. Moreover, the services include attacker behavior analytics and the ability to execute predefined containment actions automatically, such as terminating processes, isolating hosts, blocking communications, quarantining files, sinkholing, and preventing registry changes.
IBM’s MDR services compete in a robust market alongside similar offerings from Arctic Wolf, eSentire, Fortinet, Proficio, ReliaQuest, and Sophos, according to KuppingerCole.
The managed security services sector is experiencing significant growth, contributing to the broader IT managed services market’s uptick, as highlighted in a recent study conducted by Canalys and commissioned by Cisco. While global IT spending is projected to grow by 3.5% in 2023, IT managed services revenue is expected to increase by 12.7%. Cybersecurity and cyber-resilience services are playing a pivotal role in driving this expansion, with a particular focus on networking, endpoint management, detection and response, and compliance.
The adoption of MDR solutions is driven by various factors, including responding to security breaches, adhering to regulatory requirements, addressing board-level demands for enhanced cybersecurity reporting, and the growing reliance on cloud services. Furthermore, the surge in remote and hybrid work arrangements, the rise of ransomware threats, the expansion of IT environments encompassing mobile, edge, and cloud computing, and the ever-increasing volume of organizational data contribute to the adoption of MDR solutions.