How force multipliers can transform your cybersecurity

Boost cyber immunity with AI, orchestration, collaboration and cloud

The threat epidemic

Today’s technological advancements have introduced new opportunities, but this progress also comes with new risks. The more data businesses must store and process, the higher the risk of sensitive data ending up in the wrong hands.

  • Cyber criminals can crack the top 10 passwords in less than 1 second 1
  • Even the best analysts can only keep up with 8% of critical data 1
  • Average total cost of a data breach: $3.86 million 2
  • Cost per lost or stolen record: $148 2
  • Average time to identify a breach: 197 days 2
  • Average time to contain a breach: 69 days 2
  • 5 billion personal records will be stolen 1
  • $8 trillion will be lost to cybercrime 1

2018 Cost of a Data Breach Study by Ponemon Institute



Inoculating your organization

IBM Security General Manager Marc van Zadelhoff identified four key areas of focus that are paving the way to a more secure future: artificial intelligence (AI), orchestration and automation of incident response, security from the cloud and open collaboration among industry leaders. Much like a series of vaccinations, these immunity “force multipliers” combine to create a powerful defense against cybersecurity threats, and they should form the basis of a security strategy for every organization’s digital transformation.

Graphic illustration representing the force multipliers that must combine to make an organization immune to serious security risks: Artificial intelligence plus orchestration and automation plus security from the cloud plus open collaboration equals cybersecurity health

With the AI technologies of machine learning and cognitive computing, organizations unlock an unprecedented ability to outthink cybercriminals. Automated and orchestrated incident response capabilities reduce precious time to identify and contain breaches. By delivering security capabilities through the cloud, enterprises gain the speed and reach to stop threats at the source. And collaboration between security industry leaders turns cybersecurity into a team sport, making it easier for everyone to combat — and prevent — costly attacks.

Cybersecurity force multipliers

Tackling the challenges of cybersecurity requires bold action, yet organizations do not have enough skilled staff, visibility into changing threats, or coordinated response plans. Marc van Zadelhoff spoke at RSA Conference 2018 about the force multipliers that will allow resource-constrained security operations centers to respond quickly and intelligently to threats.

Artificial intelligence

AI multiplies the abilities of analysts

Many organizations have difficulty hiring the right people with the right skills to manage vast amounts of data, which impacts their ability to respond quickly and effectively to attacks. With more data to manage and frequent false positives, security incidents are increasingly difficult to identify and address.

By modelling behaviors, AI proactively identifies suspicious events and curates intelligence from millions of sources, such as research papers, blogs and news reports. Armed with these advanced insights, security professionals can make the right contextual decisions with greater speed and accuracy.

Everything changes when analysts are assisted by AI. Machine learning, deep learning and cognitive computing capabilities don’t just bridge the skills gap — they amplify analysts’ ability to identify emerging threats and take the right steps to reduce business risk.

  • AI uncovers 10 times more actionable threat indicators 3
  • Investigate threats 50 times faster than with manual processes 3

AI Terminology 101


AI is becoming integral to cybersecurity. Here’s a cheat sheet of the most commonly used terms:


Artificial intelligence (AI): The simulation of intelligent behavior by computers, such as visual perception, speech recognition, decision-making and language translation. AI mimics the characteristically human ability to discover information, infer conclusions and apply reason.


Machine learning: Mathematical functions and algorithms that look for patterns and anomalies in data. This is the most widely used type of AI.


Deep learning: A group of algorithms that implement deep machine learning networks with unsupervised learning.


Cognitive computing: A subfield of AI which builds on deep learning to simulate complex human thought processes. Cognitive computing today is most commonly used in natural language processing. 4



The challenge:

Infirmary Health System needed to automate and strengthen security and endpoint management to better protect electronic health record data while meeting HIPAA and federal meaningful use requirements. Their IT team was finding it difficult to meet guidelines using point technologies and manual processes for patching more than 4,000 workstations.

The solution:

  1. Get ahead of compliance with IBM QRadar, which uses machine learning to detect potential compromises.
  2. Enhance security hygiene through patching, vulnerability scanning, using endpoint, asset and user context with IBM BigFix.
  3. Govern user identities through provisioning, governance and monitoring of employees and privileged users with IBM Identity Governance and Intelligence.

How it works:

IBM QRadar provides 360-degree visibility of enterprise security and can see immediately if someone is trying to exploit an operating system vulnerability. This software uses AI for user and behavior analytics to detect an external attack or unauthorized internal access. When a threat is discovered, it alerts the security team to use the IBM BigFix solution to remediate the condition.

The foundation for these security capabilities is IBM Identity Governance and Intelligence, a business-centric approach to day-to-day identity management and governance. This key element of the IBM Security portfolio empowers business and IT to work together to meet both compliance and security goals across enterprise applications and data.

The results:

  • Reduced endpoint licensing costs and reduced time to deploy software by 95%
  • Went from an average of 40% patch compliance to 90%

"We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance."

Chief Information Officer, Infirmary Health System

Teaching Watson the Language of Security

Watson for Cyber Security uses cognitive technology and deep domain expertise to detect security breaches before they cause damage, at a speed and scale never possible before. Unlike programmable systems, cognitive technology is based on training systems that can understand, reason and learn to sense what’s coming — then communicate that in natural language. This video illustrates the process of training Watson for Cyber Security to understand the language of security.

Security orchestration and automation

Orchestration accelerates the speed of teams

The cybercriminals behind the most sophisticated breaches choose their victims carefully and map out their plans well before launching an attack. They conduct in-depth reconnaissance to learn what defenses are in place, then make calculated moves to avoid those defenses. Once they get in, they operate low and slow to gradually gain access without setting off any alarms.

To stop complex, persistent threats, organizations need to outpace their attackers with a holistic approach to orchestration — a choreographed set of protocols that brings people, processes and technology together to respond quickly to a cyberattack. What’s more, these strategies should encompass far more than just finding and stopping the attack.

In trauma centers, the best teams are ready at a moment’s notice, and they follow strict protocols when it comes to making decisions and caring for critical patients. During a cyberattack, companies need the same type of well-documented, coordinated and practiced approach.

An optimal orchestration strategy includes:

  • AI technology that chains together multiple events that may seem to be low-risk, but are actually elements of an extremely high-risk cyberattack
  • Built-in analytics that can perform these functions on structured, semi-structured and unstructured data alike
  • Visual investigation tools for fast analysis across disparate data sets
  • Visual documentation to help leaders make decisions, and possibly to provide to law enforcement as criminal evidence
  • A practiced approach to responding swiftly and confidently during high-stress incidents, even when information is incomplete and circumstances are changing quickly
  • Quick, automated orchestration to alert everyone from employees and executives to government regulators and affected customers

The oldest brand in tennis aces threats with the latest in cybersecurity AI

The challenge:

Wimbledon needed to analyze huge amounts of data in real time in order to extract trends and useful information. They also wanted a system that adapts its rules as more information becomes available.

The solution:

  1. Detect and stop advanced threats with the power of AI using IBM QRadar Advisor with Watson.
  2. Orchestrate incident response through end-to-end workflow, collaboration, actions and expertise with IBM Resilient Incident Response.
  3. Master threat hunting through analyst-driven investigations using big data and threat intelligence with IBM i2 Enterprise Insight Analysis.

The results:

  • Investigated security threats 60 times faster compared to manual analysis
  • Enabled a 500% increase in number of security incidents investigated in real time during the tournament
  • Zero breaches impacted the 2017 Wimbledon website and brand

Rock Your SOC

Security analysts are challenged to sift through thousands of security alerts to investigate and accurately identify threats. What’s more, analysts must contend with IT systems moving to the cloud, and an explosion in the number of devices and applications, with minimal resources and a shortage of trained staff. IBM Security Vice President Jim Brennan and IBM Security CTO Koos Lodewijkx shared their vision at Think 2018 of an AI-powered security operations center (SOC) that supports analysts to keep up with changing environments, devices, users, threats and more.

Cybersecurity in the cloud age


Security for the cloud

Organizations across the globe are using enterprise-wide cloud initiatives to drive rapid innovation and growth: In a recent Ponemon study, sponsored by IBM, 74 percent of respondents said that cloud adoption significantly improved their customer experience, and 76 percent reported that their most successful cloud initiative drove expansion into new industries 5. As cited in the same study, however, security concerns remain a key barrier to successful cloud adoption for many companies.

These organizations want the flexibility and scalability of cloud, but don’t have the in-house skills to manage the security demands that cloud makes necessary. Taking advantage of cloud also requires considerations for governance and compliance.

For businesses to innovate, improve defenses and manage their risk, they must be able to protect their workloads on-premises, off-premises and in hybrid cloud environments. This requires a more automated and agile approach than traditional security measures, and one that encompasses:

  • A scalable cloud computing strategy
  • Visibility across multiple hybrid cloud platforms
  • Faster time to value with online risk assessments
  • Asset and server outage protection
  • Cloud identity and access management

Security from the cloud

Whether an organization is using a cloud-based, hybrid or on-premises model for their operations, cloud-based cybersecurity offers numerous advantages for companies of varying sizes and levels of complexity. The Security-as-a-Service (SaaS) model, in which security capabilities are delivered from the cloud, is an agile approach to security for the future, as it:


  • Reduces time to value by allowing users to easily provision capabilities and perform rapid prototyping and evaluations
  • Reduces capital expenditures by eliminating prohibitive up-front costs for things like servers and software licenses
  • Reduces demand on internal resources by shifting most administration tasks to the service provider


Fragmented point-security approaches no longer deliver the speed, reach and visibility that are crucial for adapting to rapid business transformation and staying ahead of today’s advanced threats, let alone tomorrow’s. Adopting an integrated security platform, delivered on cloud, helps organizations leverage AI technology and cloud-based threat intelligence for a more agile approach to cybersecurity.


A 2018 study from the Ponemon Institute, sponsored by IBM Security, had some startling findings about the state of security in digital transformation. While 75 percent of senior business leaders surveyed agree that digital transformation is critical to meeting business goals, many acknowledge serious consequences from a lack of security in the transformation process.

Increased business risks:

  • 74 percent say a lack of security in the digital transformation process likely caused a data breach in the last year
  • 65 percent say that consequences of a cyberattack or breach from insecure digital transformation resulted in disruption or damages to critical infrastructure
  • 58 percent say breaches from digital transformation caused a decline of productivity, and 52 percent say it caused lost revenue
  • Just 41 percent of business leaders report having a digital transformation strategy

Positive steps:

  • 79 percent are confident that technologies using machine learning and AI can secure their digital transformation
  • 71 percent say orchestration technologies can help secure their digital transformation
  • 66 percent agree that migration to a secure cloud environment is critical to their organization’s digital transformation
  • High-performing organizations with greater maturity in securing their digital transformation were 23 percent less likely to have experienced a breach

Open collaboration

The sharing of threat intelligence boosts global immunity

In a 2016 TED Talk, Caleb Barlow, Vice President of Threat Intelligence at IBM Security, shared some sobering numbers: In 2015, over 2 billion digital records were stolen, generating nearly $450 billion in profit for cybercriminals. As Caleb noted, modern cybercrime is an industry with many features we would recognize from the legal economy. Criminals buy and sell malware on the Dark Web, in marketplaces that operate much like legitimate commerce sites, with product reviews and reputation rankings for sellers.

While cybercriminals have grown increasingly collaborative, those who work to defend against them still remain largely siloed. It’s easy to understand why organizations keep information about attacks under wraps: to preserve competitive advantage, and to avoid costly litigation and regulatory headaches. But with 80 percent of cyberattacks driven by organized crime rings that share data and tools to launch sophisticated attacks, and the security industry already facing a massive talent shortage, it’s time for a new paradigm.

When an epidemic like SARS, the Zika virus or Ebola threatens humanity, everyone who can help — governments, researchers, hospitals and private institutions alike — responds openly and quickly in a collective effort to stop the disease in its tracks. To save lives, no one hesitates to share critical information about who is affected, how the disease is transmitted and which treatments are working.

To combat the spread of cybercrime and create a safer digital future for all, security industry leaders must shift toward open collaboration and widespread sharing of threat intelligence data.

In 2015, IBM made a significant move to spearhead this effort by opening its 700 TB database of threat data to the public for free with IBM X-Force Exchange. This cloud-based threat intelligence sharing platform enables users to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts, and collaborate with peers.

Supported by both human- and machine-generated intelligence, IBM X-Force Exchange helps users to stay ahead of emerging threats and share real-time data with anyone who might benefit from it. Building on this collaborative foundation, the IBM Security App Exchange allows partners and customers to create and distribute free apps based on IBM security technology.


IBM + Cisco = Partners for integrated threat defense

Without integrated tools, the work of security operations centers is often reduced to manual labor. Something has to change — and now it has. For its part, IBM Security is working with industry partners like Cisco to share intelligence and build new applications, delivered via the IBM Security App Exchange, to help security teams detect and respond more effectively and quickly to threats.

The challenge:

The cybersecurity industry today saddles enterprise organizations with as many as 80 different security tools and solutions from nearly 45 different vendors. In addition, a Cisco survey found that 65 percent of organizations use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed.

The solution:

  1. Cisco and IBM Security deliver products that closely integrate with one another to share context and intelligence.
  2. Essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research.
  3. IBM Managed Security Services teams up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts.

Cybercriminals Collaborate – Why Can’t We?

Cybercrime netted a whopping $450 billion in profits in 2015, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we’re not sharing, then we’re part of the problem.



The IBM Security immune system

The IBM Security immune system looks at an organization’s security portfolio in a holistic, integrated way — as a framework of security capabilities that transmits and ingests vital security data to gain visibility, understand and prioritize threats, and coordinate multiple layers of defense.

IBM Security is here to help

Creating a safer digital future

IBM Security offers a rich solution portfolio organized into a comprehensive security immune system designed to help organizations protect their on-premises, cloud and hybrid IT environments.


  • Largest enterprise cybersecurity provider
  • Leader in 12 security market segments
  • 3,700+ security patents
  • 20+ security acquisitions
  • 60 billion+ security events monitored per day


Proving compliance and reducing business risk

In today’s climate of increasing regulatory pressure, organizations are spending vast amounts of capital on compliance efforts — and not all of those efforts are successful. Fines for compliance violations have the potential to reach billions for large, global companies. To meet these ever-changing regulatory mandates, adopting a threat-aware, risk-based approach — in contrast to the inefficient, outmoded “box-checking” model — is critical.

Get ahead with an integrated approach

Because many compliance requirements overlap with security issues, it makes sense to unify your overall strategy for managing security and governance. The IBM Security immune system combines enterprise security intelligence and expertise in a single framework.

IBM Security offers the products and services needed to help clients monitor and enforce compliance mandates, patch and scan across endpoints, assets and users, and govern users and identities through provisioning, governance and monitoring.

Next steps

card_3

View all IBM solutions

Discover our integrated approach to security.

card_3

Strengthen your security portfolio

Explore the integrated security immune system.

card_3

Get recommendations for your business

See how IBM tackles security concerns in your industry.

Sources

Table of contents

The threat epidemic

The threat epidemic

Today’s technological advancements have introduced new opportunities, but this progress also comes with new risks. The more data businesses must store and process, the higher the risk of sensitive data ending up in the wrong hands.

Cyber criminals can crack the top 10 passwords in less than 1 second.
Cyber criminals can crack the top 10 passwords in less than 1 second.

Cyber criminals can crack the top 10 passwords in less than 1 second 1

Even the best analysts can only keep up with 8% of critical data.
Even the best analysts can only keep up with 8% of critical data.

Even the best analysts can only keep up with 8% of critical data 1

Average total cost of a data breach: $3.86 million. Cost per lost or stolen record: $148.
Average total cost of a data breach: $3.86 million. Cost per lost or stolen record: $148.

  • Average total cost of a data breach: $3.86 million 2
  • Cost per lost or stolen record: $148 2
Average time to identify a breach: 197 days. Average time to contain a breach: 69 days.
Average time to identify a breach: 197 days. Average time to contain a breach: 69 days.

  • Average time to identify a breach: 197 days 2
  • Average time to contain a breach: 69 days 2
5 billion personal records will be stolen. $8 trillion will be lost to cybercrime
5 billion personal records will be stolen. $8 trillion will be lost to cybercrime

  • 5 billion personal records will be stolen 1
  • $8 trillion will be lost to cybercrime 1

2018 Cost of a Data Breach Study by Ponemon Institute



Inoculating your organization

Inoculating your organization

IBM Security General Manager Marc van Zadelhoff identified four key areas of focus that are paving the way to a more secure future: artificial intelligence (AI), orchestration and automation of incident response, security from the cloud and open collaboration among industry leaders. Much like a series of vaccinations, these immunity “force multipliers” combine to create a powerful defense against cybersecurity threats, and they should form the basis of a security strategy for every organization’s digital transformation.

Graphic illustration representing the force multipliers that must combine to make an organization immune to serious security risks: Artificial intelligence plus orchestration and automation plus security from the cloud plus open collaboration equals cybersecurity health
Graphic illustration representing the force multipliers that must combine to make an organization immune to serious security risks: Artificial intelligence plus orchestration and automation plus security from the cloud plus open collaboration equals cybersecurity health

With the AI technologies of machine learning and cognitive computing, organizations unlock an unprecedented ability to outthink cybercriminals. Automated and orchestrated incident response capabilities reduce precious time to identify and contain breaches. By delivering security capabilities through the cloud, enterprises gain the speed and reach to stop threats at the source. And collaboration between security industry leaders turns cybersecurity into a team sport, making it easier for everyone to combat — and prevent — costly attacks.

Cybersecurity force multipliers

Tackling the challenges of cybersecurity requires bold action, yet organizations do not have enough skilled staff, visibility into changing threats, or coordinated response plans. Marc van Zadelhoff spoke at RSA Conference 2018 about the force multipliers that will allow resource-constrained security operations centers to respond quickly and intelligently to threats.

Artificial intelligence

Artificial intelligence

AI multiplies the abilities of analysts

Many organizations have difficulty hiring the right people with the right skills to manage vast amounts of data, which impacts their ability to respond quickly and effectively to attacks. With more data to manage and frequent false positives, security incidents are increasingly difficult to identify and address.

By modelling behaviors, AI proactively identifies suspicious events and curates intelligence from millions of sources, such as research papers, blogs and news reports. Armed with these advanced insights, security professionals can make the right contextual decisions with greater speed and accuracy.

Everything changes when analysts are assisted by AI. Machine learning, deep learning and cognitive computing capabilities don’t just bridge the skills gap — they amplify analysts’ ability to identify emerging threats and take the right steps to reduce business risk.

AI uncovers 10 times more actionable threat indicators.
AI uncovers 10 times more actionable threat indicators.

AI uncovers 10 times more actionable threat indicators 3

Investigate threats 50 times faster than with manual processes.
Investigate threats 50 times faster than with manual processes.

Investigate threats 50 times faster than with manual processes 3

AI Terminology 101


AI is becoming integral to cybersecurity. Here’s a cheat sheet of the most commonly used terms:


Artificial intelligence (AI): The simulation of intelligent behavior by computers, such as visual perception, speech recognition, decision-making and language translation. AI mimics the characteristically human ability to discover information, infer conclusions and apply reason.


Machine learning: Mathematical functions and algorithms that look for patterns and anomalies in data. This is the most widely used type of AI.


Deep learning: A group of algorithms that implement deep machine learning networks with unsupervised learning.


Cognitive computing: A subfield of AI which builds on deep learning to simulate complex human thought processes. Cognitive computing today is most commonly used in natural language processing.4



The challenge:

Infirmary Health System needed to automate and strengthen security and endpoint management to better protect electronic health record data while meeting HIPAA and federal meaningful use requirements. Their IT team was finding it difficult to meet guidelines using point technologies and manual processes for patching more than 4,000 workstations.

The solution:

  1. Get ahead of compliance with IBM QRadar, which uses machine learning to detect potential compromises.
  2. Enhance security hygiene through patching, vulnerability scanning, using endpoint, asset and user context with IBM BigFix.
  3. Govern user identities through provisioning, governance and monitoring of employees and privileged users with IBM Identity Governance and Intelligence.

How it works:

IBM QRadar provides 360-degree visibility of enterprise security and can see immediately if someone is trying to exploit an operating system vulnerability. This software uses AI for user and behavior analytics to detect an external attack or unauthorized internal access. When a threat is discovered, it alerts the security team to use the IBM BigFix solution to remediate the condition.

The foundation for these security capabilities is IBM Identity Governance and Intelligence, a business-centric approach to day-to-day identity management and governance. This key element of the IBM Security portfolio empowers business and IT to work together to meet both compliance and security goals across enterprise applications and data.

The results:

  • Reduced endpoint licensing costs and reduced time to deploy software by 95%
  • Went from an average of 40% patch compliance to 90%
"We can now quickly, easily and accurately produce audit reports for HIPAA and meaningful use compliance."

Chief Information Officer, Infirmary Health System

Teaching Watson the Language of Security

Watson for Cyber Security uses cognitive technology and deep domain expertise to detect security breaches before they cause damage, at a speed and scale never possible before. Unlike programmable systems, cognitive technology is based on training systems that can understand, reason and learn to sense what’s coming — then communicate that in natural language. This video illustrates the process of training Watson for Cyber Security to understand the language of security.

Security orchestration and automation

Security orchestration and automation

Orchestration accelerates the speed of teams

The cybercriminals behind the most sophisticated breaches choose their victims carefully and map out their plans well before launching an attack. They conduct in-depth reconnaissance to learn what defenses are in place, then make calculated moves to avoid those defenses. Once they get in, they operate low and slow to gradually gain access without setting off any alarms.

To stop complex, persistent threats, organizations need to outpace their attackers with a holistic approach to orchestration — a choreographed set of protocols that brings people, processes and technology together to respond quickly to a cyberattack. What’s more, these strategies should encompass far more than just finding and stopping the attack.

In trauma centers, the best teams are ready at a moment’s notice, and they follow strict protocols when it comes to making decisions and caring for critical patients. During a cyberattack, companies need the same type of well-documented, coordinated and practiced approach.

An optimal orchestration strategy includes:



AI technology that chains together multiple events that may seem to be low-risk, but are actually elements of an extremely high-risk cyberattack


Built-in analytics that can perform these functions on structured, semi-structured and unstructured data alike


Visual investigation tools for fast analysis across disparate data sets


Visual documentation to help leaders make decisions, and possibly to provide to law enforcement as criminal evidence


A practiced approach to responding swiftly and confidently during high-stress incidents, even when information is incomplete and circumstances are changing quickly


Quick, automated orchestration to alert everyone from employees and executives to government regulators and affected customers


The oldest brand in tennis aces threats with the latest in cybersecurity AI

The challenge:

Wimbledon needed to analyze huge amounts of data in real time in order to extract trends and useful information. They also wanted a system that adapts its rules as more information becomes available.

The solution:

  1. Detect and stop advanced threats with the power of AI using IBM QRadar Advisor with Watson.
  2. Orchestrate incident response through end-to-end workflow, collaboration, actions and expertise with IBM Resilient Incident Response.
  3. Master threat hunting through analyst-driven investigations using big data and threat intelligence with IBM i2 Enterprise Insight Analysis.

The results:

  • Investigated security threats 60 times faster compared to manual analysis
  • Enabled a 500% increase in number of security incidents investigated in real time during the tournament
  • Zero breaches impacted the 2017 Wimbledon website and brand

Rock Your SOC

Security analysts are challenged to sift through thousands of security alerts to investigate and accurately identify threats. What’s more, analysts must contend with IT systems moving to the cloud, and an explosion in the number of devices and applications, with minimal resources and a shortage of trained staff. At Think 2018, IBM Security Vice President Jim Brennan and IBM Security CTO Koos Lodewijkx shared their vision of an AI-powered security operations center (SOC) that helps analysts keep up with changing environments, devices, users, threats and more.

Cybersecurity in the cloud age


Security for the cloud

Organizations across the globe are using enterprise-wide cloud initiatives to drive rapid innovation and growth: In a recent Ponemon study, sponsored by IBM, 74 percent of respondents said that cloud adoption significantly improved their customer experience, and 76 percent reported that their most successful cloud initiative drove expansion into new industries [5]. As cited in the same study, however, security concerns remain a key barrier to successful cloud adoption for many companies.

These organizations want the flexibility and scalability of cloud, but don’t have the in-house skills to manage the security demands that cloud makes necessary. Taking advantage of cloud also requires considerations for governance and compliance.

For businesses to innovate, improve defenses and manage their risk, they must be able to protect their workloads on-premises, off-premises and in hybrid cloud environments. This requires a more automated and agile approach than traditional security measures, and one that encompasses:

  • A scalable cloud computing strategy
  • Visibility across multiple hybrid cloud platforms
  • Faster time to value with online risk assessments
  • Asset and server outage protection
  • Cloud identity and access management

Security from the cloud

Whether an organization is using a cloud-based, hybrid or on-premises model for their operations, cloud-based cybersecurity offers numerous advantages for companies of varying sizes and levels of complexity. The Security-as-a-Service (SaaS) model, in which security capabilities are delivered from the cloud, is an agile approach to security for the future, as it:


  • Reduces time to value by allowing users to easily provision capabilities and perform rapid prototyping and evaluations
  • Reduces capital expenditures by eliminating prohibitive up-front costs for things like servers and software licenses
  • Reduces demand on internal resources by shifting most administration tasks to the service provider


Fragmented point-security approaches no longer deliver the speed, reach and visibility that are crucial for adapting to rapid business transformation and staying ahead of today’s advanced threats, let alone tomorrow’s. Adopting an integrated security platform, delivered on cloud, helps organizations leverage AI technology and cloud-based threat intelligence for a more agile approach to cybersecurity.


A 2018 study from the Ponemon Institute, sponsored by IBM Security, had some startling findings about the state of security in digital transformation. While 75 percent of senior business leaders surveyed agree that digital transformation is critical to meeting business goals, many acknowledge serious consequences from a lack of security in the transformation process.

Increased business risks:

  • 74 percent say a lack of security in the digital transformation process likely caused a data breach in the last year
  • 65 percent say that consequences of a cyberattack or breach from insecure digital transformation resulted in disruption or damages to critical infrastructure
  • 58 percent say breaches from digital transformation caused a decline of productivity, and 52 percent say it caused lost revenue
  • Just 41 percent of business leaders report having a digital transformation strategy

Positive steps:

  • 79 percent are confident that technologies using machine learning and AI can secure their digital transformation
  • 71 percent say orchestration technologies can help secure their digital transformation
  • 66 percent agree that migration to a secure cloud environment is critical to their organization’s digital transformation
  • High-performing organizations with greater maturity in securing their digital transformation were 23 percent less likely to have experienced a breach

Open collaboration

The sharing of threat intelligence boosts global immunity

In a 2016 TED Talk, Caleb Barlow, Vice President of Threat Intelligence at IBM Security, shared some sobering numbers: In 2015, over 2 billion digital records were stolen, generating nearly $450 billion in profit for cybercriminals. As Caleb noted, modern cybercrime is an industry with many features we would recognize from the legal economy. Criminals buy and sell malware on the Dark Web, in marketplaces that operate much like legitimate commerce sites, with product reviews and reputation rankings for sellers.

While cybercriminals have grown increasingly collaborative, those who work to defend against them still remain largely siloed. It’s easy to understand why organizations keep information about attacks under wraps: to preserve competitive advantage, and to avoid costly litigation and regulatory headaches. But with 80 percent of cyberattacks driven by organized crime rings that share data and tools to launch sophisticated attacks, and the security industry already facing a massive talent shortage, it’s time for a new paradigm.

When an epidemic like SARS, the Zika virus or Ebola threatens humanity, everyone who can help — governments, researchers, hospitals and private institutions alike — responds openly and quickly in a collective effort to stop the disease in its tracks. To save lives, no one hesitates to share critical information about who is affected, how the disease is transmitted and which treatments are working.

To combat the spread of cybercrime and create a safer digital future for all, security industry leaders must shift toward open collaboration and widespread sharing of threat intelligence data.

In 2015, IBM made a significant move to spearhead this effort by opening its 700 TB database of threat data to the public for free with IBM X-Force Exchange. This cloud-based threat intelligence sharing platform enables users to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts, and collaborate with peers.

Supported by both human- and machine-generated intelligence, IBM X-Force Exchange helps users to stay ahead of emerging threats and share real-time data with anyone who might benefit from it. Building on this collaborative foundation, the IBM Security App Exchange allows partners and customers to create and distribute free apps based on IBM security technology.


IBM + Cisco = Partners for integrated threat defense

Without integrated tools, the work of security operations centers is often reduced to manual labor. Something has to change — and now it has. For its part, IBM Security is working with industry partners like Cisco to share intelligence and build new applications, delivered via the IBM Security App Exchange, to help security teams detect and respond more effectively and quickly to threats.

The challenge:

The cybersecurity industry today saddles enterprise organizations with as many as 80 different security tools and solutions from nearly 45 different vendors. In addition, a Cisco survey found that 65 percent of organizations use up to 50 different security products that do not integrate, challenging their overextended security teams to move with speed.

The solution:

  1. Cisco and IBM Security deliver products that closely integrate with one another to share context and intelligence.
  2. Essential threat intelligence sharing between Cisco Talos and the IBM X-Force Exchange, with teams from each collaborating closely on security research.
  3. IBM Managed Security Services teams up with Cisco to deliver new security infrastructure services aimed at reducing the IT complexity often associated with cybersecurity efforts.

Cybercriminals Collaborate – Why Can’t We?

Cybercrime netted a whopping $450 billion in profits in 2015, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we’re not sharing, then we’re part of the problem.



The security immune system

The IBM Security immune system

The IBM Security immune system looks at an organization’s security portfolio in a holistic, integrated way — as a framework of security capabilities that transmits and ingests vital security data to gain visibility, understand and prioritize threats, and coordinate multiple layers of defense.

IBM Security is here to help

Creating a safer digital future

IBM Security offers a rich solution portfolio organized into a comprehensive security immune system designed to help organizations protect their on-premises, cloud and hybrid IT environments.


  • Largest enterprise cybersecurity provider
  • Leader in 12 security market segments
  • 3,700+ security patents
  • 20+ security acquisitions
  • 60 billion+ security events monitored per day


Proving compliance and reducing business risk

In today’s climate of increasing regulatory pressure, organizations are spending vast amounts of capital on compliance efforts — and not all of those efforts are successful. Fines for compliance violations have the potential to reach billions for large, global companies. To meet these ever-changing regulatory mandates, adopting a threat-aware, risk-based approach — in contrast to the inefficient, outmoded “box-checking” model — is critical.

Get ahead with an integrated approach

Because many compliance requirements overlap with security issues, it makes sense to unify your overall strategy for managing security and governance. The IBM Security immune system combines enterprise security intelligence and expertise in a single framework.

IBM Security offers the products and services needed to help clients monitor and enforce compliance mandates, patch and scan across endpoints, assets and users, and govern users and identities through provisioning, governance and monitoring.
