Marc van Zadelhoff, General Manager
For IBM Security, the past year has been a period of renaissance in the security landscape. First came the release of X-Force Exchange in the fall of 2015 to wage a global war against hackers, a bold step that no one saw coming. “This cloud-based threat intelligence platform opened a vast trove of current and historical threat information that IBM Security has collected over decades,” explains Marc van Zadelhoff, the newly appointed head of the Security Integrated Business Unit, IBM Security. This includes everything from the detailed vulnerability information provided on the X-Force Vulnerability Search page to the IP address, domain, and URL reputation information from the X-Force AppLoupe portal.
What followed was a show of unanimity and integrity: more than 1,000 organizations across 16 industries joined the X-Force Exchange threat intelligence network within the first few months of its release. Today, this network has tens of thousands of firms sharing and developing applications, aggregating actionable intelligence, and mitigating the threats of cyber attacks together. To develop more maturity within the X-Force Exchange ecosystem, the consulting arm of IBM Security is working in tandem with partners to navigate intelligence-driven operations and to assess a company’s security posture and maturity against best practices in the security landscape. IBM Security’s consulting experts pave the way for organizations to develop security applications and effective security programs that not only protect infrastructures but also enhance business operations. With over 4,000 dedicated security consultants who have access to the world’s largest known database of threats, the company brings broad industry expertise to the table, with rich IT security consulting experience in disciplines including data protection, data aggregation, and application services. This dedication, together with the support and solutions provided by IBM Security, led to its recognition as a Leader in The Forrester Wave: Information Security Consulting Services, Q1 2016.
Putting Cyber Threats in Context
While IBM X-Force Exchange is trending up among various industries, Zadelhoff is leaving no stone unturned to ensure the success of the platform. This includes frequent consulting meetings with partners and researchers to display the expansiveness of the “dark web,” which is becoming a marketplace for Trojans and other malicious software. Investigating what the so-called crimeware hackers are auctioning online, and advising on and sharing such insights, is one of the keys to standing tall against cyber threats.
“One of the biggest problems in cyber security is hackers collaborating, sharing data and software. And the solution to it lies in our IBM X-Force Exchange,” says Zadelhoff. What makes Zadelhoff hail the collaborative platform is its ability to offer access to volumes of actionable IBM and third-party threat data from across the globe, including real-time indicators of live attacks, which can be used to defend against cybercrimes happening in any corner of the world.
From a business perspective, one may ask why IBM would give away precious data on attackers at no cost. “Simple, IBM aims to commoditize threat intelligence,” says Zadelhoff. By giving this intel away, IBM Security hopes to become the foundation on which the information security industry relies. The analysis executed over the vast amount of data would enable industries to haul hackers from their dark hole and prevent IT environments from plummeting. Zadelhoff calls this the three “C” strategy: cloud, collaboration, and cognitive, which scales the prowess of X-Force Exchange beyond expectation. Cloud is the mechanism of distribution; collaboration involves sharing threat feeds and code; and cognitive refers to the value-added analysis layer. With these three as the pillars of X-Force Exchange, any organization can directly interact with IBM’s security analysts and researchers as well as their industry peers to validate findings and expose them to other companies fighting cybercrime.
For instance, a security researcher might discover new malware breaching the network and identify it as malicious within the platform. From there, a security analyst at another company could find this domain in their network and consult with other analysts and experts to validate its danger. The analyst would then apply blocking rules to their own company’s digital presence, stopping malicious traffic, and rapidly alert the organization’s CISO about the threat. The CISO would then add this malicious traffic source to a public collection on the platform, sharing it with industry peers to quickly contain and stop the threat before it can cripple other companies.
Watson versus Hackers
In the war against hackers, IBM has summoned its artificial intelligence supercomputer Watson as well. After dominating its human competitors on the television game show Jeopardy!, Watson has begun to dabble in healthcare, pharmaceuticals, finance, education and even cooking. Now the bot is dipping its robotic toes into the cyber security business.
IBM researchers have already begun feeding Watson with all sorts of computer security data sourced from X-Force Exchange.
The hope is that the trove of information on security vulnerabilities, spam messages, and malware will help the system become an expert assistant and advisor to security analysts. The project, powered by IBM’s Bluemix cloud computing platform, includes a partnership between IBM and eight universities that began in the fall of 2016.
Watson is designed to ingest research papers, blog posts, news stories, media reports, alerts, textbooks, and social media posts to build up knowledge about all the latest cyber threats. Students at the partnering schools will help input and annotate this so-called unstructured data to train the system. IBM believes there is a business opportunity in helping computer security experts make sense of the universe of literature and data surrounding cyber security.
“By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals, bringing greater speed and precision to the most advanced cyber security analysts, and providing novice analysts with on-the-job training,” states Zadelhoff. IBM Security is now training Watson on the language of security, expanding the intelligence gap of the bot to ensure it not only understands the varying dynamics of cyber attacks but also communicates them seamlessly to CISOs and IT leaders.
With Watson turning the wheel of innovation, organizations can stay several steps ahead of the hackers. “Our unrelenting focus in security is to innovate and help our clients stop cyber threats, and Watson for cyber security represents a major milestone in that regard,” says Zadelhoff. “We are ushering in a new cognitive era in security that will help our clients gain greater precision while helping to address the security skills gap.” Here, the end goal of IBM Security is a big data approach to cyber security that will have Watson automatically scour vast troves of security research at a rate human operators couldn't possibly manage to investigate when something fishy hits a victim’s computer systems.
The future is clear: whether it is about building a security operations center or assessing and improving security intelligence and operations capabilities for enterprises, IBM Security and its consultants are here to help. With Watson and X-Force Exchange backing its security consulting service, IBM Security is empowering organizations to stand tall against hackers and eliminate the cyber security threats that cross their paths, for today and tomorrow.