Friday, June 2, 2023

IBM Launches New QRadar Security Suite to Speed Threat Detection and Response

IBM has unveiled its new security suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The Security QRadar Suite spans all core threat detection, investigation and response technologies, with significant investment in innovations across the portfolio.

Delivered as a service, the IBM Security QRadar Suite is built on an open foundation and designed specifically for the demands of hybrid cloud. It features a single, modernized user interface across all products – embedded with advanced AI and automation designed to empower analysts to work with greater speed, efficiency and precision across their core toolsets.

Today’s Security Operation Center (SOC) teams are protecting a fast-expanding digital footprint that extends across hybrid cloud environments – creating complexity and making it hard to keep pace with accelerating attack speeds. They can be slowed down by labor-intensive alert investigations and response processes, manually stitching together insights and pivoting between disconnected data, tools and interfaces. SOC professionals say they spend around one-third of their day investigating and validating incidents that turn out to not be real threats, according to a recent survey.

IBM has rearchitected its threat detection and response portfolio to maximize speed and efficiency, and to meet the specific needs of today’s security analysts. The new IBM Security QRadar Suite includes EDR/XDR, SIEM, SOAR, and a new cloud-native log management capability – all built around a common user interface, shared insights and connected workflows, with the following core design elements:

  • Unified Analyst Experience: Refined in collaboration with hundreds of real-world users, the suite features a common, modernized user interface across all products, designed to dramatically increase analyst speed and efficiency across the entire attack chain. It is embedded with enterprise-grade AI and automation capabilities that have been shown to speed alert investigation and triage by 55% in the first year, on average.
  • Cloud Delivery, Speed & Scale: Delivered as a service on Amazon Web Services (AWS), QRadar Suite products allow for simplified deployment, visibility and integration across cloud environments and data sources. The suite also includes a new, cloud-native log management capability optimized for highly efficient data ingestion, rapid search and analytics at scale.
  • Open Foundation, Pre-Built Integrations: The suite brings together the core technologies needed across threat detection, investigation and response – built around an open foundation, an extensive partner ecosystem, and more than 900 pre-built integrations that are designed to provide strong interoperability between IBM and third-party toolsets.

“In the face of a growing attack surface and shrinking attack timelines, speed and efficiency are fundamental to the success of resource-constrained security teams,” said Mary O’Brien, General Manager, IBM Security. “IBM has engineered the new QRadar Suite around a singular, modernized user experience, embedded with sophisticated AI and automation to maximize security analysts’ productivity and accelerate their response across each step of the attack chain.”

The QRadar Suite automatically contextualizes and prioritizes alerts, displays data in a visual format for rapid consumption, and provides shared insights and automated workflows between products. This approach can drastically reduce the number of steps and screens required to investigate and respond to threats. For example, it identifies high-priority incidents that may warrant investigation, and automatically initiates investigation by fetching associated artifacts and gathering evidence via data mining across environments. The system uses these results to generate a timeline and attack graph of the incident based on the MITRE ATT&CK framework and recommends actions to speed response. The system also uses an open source threat hunting language and federated search capabilities to help threat hunters discover stealthy attacks and indicators of compromise across their environments, without moving data from its original source.

IBM is a member and mentor partner of the Government Technology & Services Coalition, a non-profit organization for government contractors in the homeland security market.

Read more at IBM

Homeland Security Today (http://www.hstoday.us)
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
