SIEM, Cloud Security

IBM Retools QRadar SIEM for Hybrid Cloud, AI Workloads


IBM has retooled its QRadar security information and event management (SIEM) system to help organizations scale their hybrid cloud and artificial intelligence (AI) workloads.

IBM also announced plans to deliver generative AI capabilities within its threat detection and response portfolio. As such, IBM will leverage "watsonx," the company's enterprise-ready data and AI platform, for efficient data ingestion, rapid search and analytics at scale.

QRadar SIEM monitors and correlates threat intel, network and user behavior anomalies to prioritize high-fidelity alerts. IBM said it is developing predictive generative AI security capabilities which will be trained to create active responses that optimize over time. For instance, AI will help security teams find similar incidents, update affected systems and patch vulnerable code.

IBM AI Saves Time for Security Analysts

The new QRadar offering is designed to augment and up-level security analysts' daily work by tapping AI to manage time-consuming and repetitive tasks. Meanwhile, security analysts are empowered to find and respond to high-priority security incidents more effectively.

"Our new cloud native SIEM is a core element of IBM's mission to usher in the next generation of security operations, built for the hybrid cloud and AI era," said Kevin Skapinetz, IBM Security strategy and product management vice president. "Instead of forcing analysts to work around the complexity of security technologies, we're designing technology to remove the complexity — weeding out the noise, simplifying the user experience, and empowering analysts to tackle urgent threats with greater speed and confidence."

The new cloud-native QRadar SIEM will be generally available as SaaS in Q4 2023, with plans to offer software for on-premises and multi-cloud deployment in 2024. IBM plans to embed generative AI across its broader security software and services portfolio.

Key Benefits of QRadar SIEM

Built on Red Hat OpenShift, QRadar SIEM is designed to be open at a foundational level, allowing for deeper interoperability with multi-vendor tools and clouds. Here are some key benefits:

  • By using a common, shared language for detection rules (SIGMA), QRadar SIEM allows clients to quickly import new, crowdsourced detections directly from the security community as threats evolve.
  • With the ability to investigate across data sources, the solution offers unique federated search and threat hunting capabilities built on open-source technologies.
  • Building on the QRadar ecosystem, IBM offers one of the largest partner networks in the industry with more than 700 pre-built integrations.

IBM will continue supporting its current QRadar SIEM offering, while also offering customers a transition option to the new cloud-native SIEM.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.