Addressing application security risks with IBM Concert

By Ben Ball posted 27 days ago


Security teams never get a break. The scale and complexity of today’s IT landscape mean that they’re always chasing something. Whether it’s the constant stream of common vulnerabilities and exposures (CVEs), loopholes opened up by the latest application build, or security gaps in the underlying architecture of an application, security teams always have something to do.

Unfortunately, most security teams spend precious little of their time plugging holes in application security. Most of their days are filled with trying to understand which risks are actually worth acting on.

Using AI to understand application security risk

Why does understanding and prioritizing application risk take so long? It’s fundamentally a data problem. The sheer scale and complexity of today’s applications make it difficult to truly grasp the implications of a single risk factor. There are too many “what ifs” to consider, too many dependencies to account for, too many data points to process. We’re getting to the point where humans are simply too overwhelmed with information to make an informed decision.

Some companies try to throw bodies at the problem, building huge security teams and sophisticated op centers. This is an expensive proposition. Given the inexhaustible deluge of inbound risks to investigate and mitigate, it also seems like a finger-in-the-dam strategy.

Here at IBM, we believe that security risk is an ideal use case for AI-powered tools. Vast amounts of unstructured data, complex relationships and dependencies between data points – these are the challenges that AI was built for. We created IBM Concert in part to make security teams more effective by cutting through that sea of information and reducing the noise of constant alerts.

Elsewhere, in the press release “Introducing IBM Concert,” we described the 360-degree view of your application that IBM Concert delivers through its powerful AI capabilities powered by watsonx. The next step in the journey is applying that understanding to specific application use cases. Security risk is the first use case that IBM is making available for IBM Concert; additional use case packages are currently in development and will be rolled out in the coming months.

Concert’s risk functionality

IBM Concert answers a relatively simple question: what’s the most significant security risk to my application, and what should I do about it? 

Leveraging its deep understanding of an application’s structure and dependencies, IBM Concert presents security teams with a prioritized list of risk factors to address. It uses a broad definition of “risk” that includes things like CVEs, expired certificates, deviations from compliance standards, and more.

Lots of tools can analyze risk factors against infrastructure and configurations. IBM Concert is the only one that analyzes risk factors against your application, cutting across infrastructure silos to provide a true operational-level risk assessment.

IBM Concert also provides concrete recommendations for how to address risk factors within an application. IBM Concert’s AI-driven perspective goes beyond a simple if/then analysis. It traces the potential impacts of a change across your application architecture and selects the best available pathway. Using interactive visualizations, you can assess IBM Concert’s recommendations in context and trace potential impacts across application elements.

Let’s face it: most dashboards generate more questions than they answer. There’s always a “what if” to consider before you actually take action. That’s why IBM Concert has an interactive chatbot – so you can respond to its recommendations and get those “what ifs” answered instantly, without the need for additional data pulls or configurations.

When you’re ready to accept a recommendation and start the risk mitigation process, IBM Concert makes it easy to translate analysis into action. You can tell IBM Concert to file a support ticket, and it will automatically fill in the details of what needs to be done and how to do it. IBM Concert will even track follow-on actions, incorporating changes into its comprehensive view of an application.

Application risk is just the start

This is only the beginning. Our vision for IBM Concert’s AI-driven capabilities is both deep and wide. We’re already developing further risk-related capabilities, and intend to add many more risk factors into the scope of IBM Concert’s analysis. We also plan to widen the use cases that IBM Concert addresses, moving beyond risk to things like compliance, cost, and other factors that application owners care about. 

Ready to take the first step with IBM Concert?
1. Join our waitlist and get ready to experience the power of AI for application lifecycle management.
2. Make sure you register for our upcoming June 12 Webinar: IBM Concert AMA: Applications in harmony
3. Dive into more technical details of this Think announcement and join us at IBM TechXchange AI and Automation Day, a virtual event on 16 July 2024.