I was recently asked to represent “Paul’s Security Weekly” as an “influencer” at the IBM InterConnect 2017 conference held in Las Vegas from March 19-23rd. I wrote about my expectations and goals prior to the conference, which centered on my desire to “meet” Watson and learn about what IBM is doing in the area of machine learning and how it might apply to cybersecurity. There were three themes that I was asked to focus on and provide commentary about: Cloud, IoT, and machine learning. As I stated in my article, the challenges of cybersecurity and both Cloud computing and IoT are pretty well understood; what intrigued me most was to see how machine learning was being applied to the problems and challenges of providing adequate cybersecurity in our ever-evolving technology solutions.
The importance of “cognitive” (IBM’s term for machine learning) was expressed at the outset by Ginny Rometty, Chairman, President, and CEO of IBM, who said in her keynote, “Our job is really to help you prepare for what you will become. And in my mind, you will become cognitive. It will be in your applications, your processes, and you’ll become a cognitive enterprise, and it will separate the winners and the losers.” Ms. Rometty also underscored the importance of cloud computing, based on a conviction that “the cloud is changing not just IT, …it is changing business and society.” This conviction is pretty clear evidence that even a technology giant such as IBM has realized that in order to stay in business in the future, you have to keep up with the ever changing technology landscape. “Winning” in this context really means “surviving” and companies that fail to adapt their business models will struggle to stay in business.
The technological advances that have emerged over the past 25 years or so, particularly the way the Internet has become a part of our “business and society”, have always made the business of providing adequate cybersecurity rather daunting. The reasons for this difficulty range from lack of awareness and corporate buy-in to lack of trained personnel to lack of properly implemented tools and solutions. The security industry itself tends to focus on myriad point-solution products and professional services such as penetration testing, and web application assessments, and forensics investigators. There are literally hundreds of point solutions, services, and providers available for companies to choose from today, yet major breaches seem to be disclosed on a weekly basis. There are many theories about why breaches continue, but the common culprits are poorly written applications, missing or mismanaged point solutions, and the extreme labor shortage of qualified security professionals.
IBM decided to get into the security business in a major way with its acquisition of Internet Security Systems in 2006. IBM described the purpose of the acquisition in a press release, “as a way to expand its role in the security realm and increase revenue”. Since then, IBM has grown its portfolio of security products largely by way of acquisition, and formerly rolled out the IBM Security division in 2011 with the acquisition of Q1 Labs and its QRadar security information and event management (SIEM) solution.
IBM Security was clearly attempting to make its presence known in a major way at InterConnect as it had one of the biggest booths in the vendor expo area (just inside the entrance) Security was an integral part of cloud and IoT discussions, and the role that cognitive (e.g. Watson) could play in terms of taking the IBM Security product suite to another level was continuously emphasized.
My approach to attending InterConnect was to be completely open to seeing what IBM Security is now offering in terms of products and services. Other than remembering the ISS acquisition, I was really unaware of what IBM was doing in the area of security so I set out to observe and learn.
As the week proceeded, I gradually realized that just about everything that IBM Security is offering in terms of security products were obtained through acquisition. Once I realized this, I tried to connect the dots with the current IBM Security offerings and what they used to called, or evolved from, in terms of the original product. I came up with this table (which I’m sure is incomplete):
Once I realized that all of the products I was learning about were really not new, or even created by IBM itself, it made me wonder what was special about any of the products. The answer, which was emphasized over and over again, is how IBM is focusing cognitive (Watson) on refurbishing or enhancing the capabilities of its product suite. There were some clear benefits to applying the power (and speed) of Watson to quite of few of the products in the suite of security solutions, so it is clear that Watson is the “secret sauce” or key discriminant as IBM Security competes for business in the cybersecurity space.
One of the newest offerings from IBM Security is the IBM X-Force “Cyber range” located in their Cambridge, MA, which is designed to emulate a real SOC (at a fake company). The Cyber range simulator gives clients an opportunity to experience a cyber attack simulation using real-world scenarios, to teach them the steps associated with breach response, and actually walks them through the process in “real time”. Shira Rubinoff and I had a chance to speak with IBM’s Etay Maor about the Cyber range simulations offered at the IBM X-Force Command Center, and I am hoping to visit the facility in the near future to see first hand how the simulation works.
I was given a variety of opportunities to attend talks about the various IBM Security products, see demonstrations, and talk to some of the developers and designers. I was also set free to explore the expo floor and to discover what was at the IBM Security booth on my own. The IBM Security booth had a second floor, or really a loft, and at one point my curiosity got the best of me and I ventured up the steps to see what I would find. To my delight, I found that the loft was occupied by the IBM X-Force services team. I ended up having quite a lengthy discussion with one of their members who actually was a carryover from the ISS acquisition back in 2006.
I came away with two thoughts on my time at the IBM Security Booth. The first, that it is a good sign that there are still old, ISS folks staying with IBM because there are numerous examples of security companies being acquired only for a point solution and all the employees either being cast-off or leaving after a short period because of neglect. My second thought was that it was almost metaphorical that the X-Force was “overseeing” the rest of IBM Security, because consulting and advisory services are they key to properly investing in, implementing, and getting the full function of our security products – regardless of origin.
I would be remiss if I did not point out two key examples of how IBM is taking seriously its responsibility for helping its customers be “winners” in this evolving cloud-connected society. The first example was the way they encouraged all attendees to help package meals for Rise Against Hunger whose mission is to end world hunger in our lifetime.
The second example, and much more provocative given the historically conservative reputation of IBM, was the talk given by Mike McAvoy, President & CEO of The Onion, on the role of satire (or “fake news”) as an alternative and (maybe only remaining) reliable source of truth for the public in the manner that the U.S. Constitution protects “the free exercise thereof; or abridging the freedom of speech, or of the press…”. This was a very important message, and IBM is to be commended for allowing it as part of InterConnect.
Clearly, IBM has recognized that it can no longer maintain its premier position in the business world by maintaining its traditional business model. IBM embracing change is in itself an amazing sight to behold.
IBM seems to have a clear grasp of the myriad challenges in being successful moving forward and is taking great strides at investing in the future. A future which is certainly cloud-based and where IoT devices will comprise the vast number of connected systems. Most importantly, the need for Security for all these things is well understood, as well as the unique challenges that security brings to conducting any business or commerce using internet-connected systems.
The success of the integration of Watson into existing systems is yet to be seen, but is a rational starting point. I would like to see IBM devote some of its amazing research and development efforts on the security problems associated with cloud/IoT just to see where it leads and independent of the existing product suite.
As mentioned earlier, there appears to be an ongoing need for increased awareness and focus about security within all the various business units and areas of focus within IBM. This is not a new problem, as the industry as a whole has been trying to figure this out for the past 25 years, but IBM has a tremendous advantage in that so much capability and expertise exists in-house to begin with; hopefully that means a smoother path to integration and understanding.
Someone asked the question at one of the talks I attended, “but what about the little guy”. I too noticed that every presentation and discussion started with “this is for your Security Operations Center (SOC)” to which I thought in my head, “yes, but not every company has security savvy staff yet alone a SOC.” I realize that the IBM business model is to focus on large, enterprise companies, but IBM could take great strides at furthering its goals of “winning” if it could sell its products and services to all the other companies out there that don’t have the requisite organizational structure.