
Building better defences against cyberattacks

IBM's cognitive thrust in the war against cyber-terrorists helps end-users more intelligently prevent, detect and respond to malware

When an organisation's security systems are battle-ready, it arms its security professionals with the collective knowledge and instinct to respond to threats with greater confidence at scale and speed. A cognitive business out-thinks and outpaces threats with security systems that can understand, reason and learn.

When the recent WannaCry ransomware attack hit the global headlines, thousands of security practitioners around the world flocked to threat intelligence feeds to help streamline their investigations. While the security community learnt many valuable lessons from this attack, it is impossible to say that a strike of this magnitude will not happen again. As WannaCry demonstrated, the cost of ransomware goes far beyond the ransom fee demanded to get access to your files - it brings down businesses and in some cases even threatens lives. According to a Ransomware Damage Report by Cybersecurity Ventures, it is predicted that global ransomware damage costs will exceed US$5 billion in 2017, up from US$325 million in 2015.

The 21st century organised crime of cybercrime is a reality today, with 80 per cent of cyberattacks driven by highly organised crime rings in which data, tools and expertise are widely shared. Juniper Research estimates that cybercrime will cost the global economy more than US$2 trillion by 2019 and that it represents what could be the greatest threat to every company in the world.

Given the rate, pace and sophistication of attacks, "moat & firewall" security is no longer enough. Like a human immune system, today's cybersecurity defences need to find the attacks that will eventually breach a perimeter, then quarantine and remediate them - across an organisation's data, applications, mobile, IoT and endpoint devices. Non-integrated, point-product security solutions are insufficient, which is a concern when we consider that many organisations can use up to 50 security products from as many as 80 vendors.

It takes constant monitoring and maximum use of data to find attacks and abnormal behaviour before damage is done. But the world produces over 2.5 quintillion bytes of data every day, and 80 per cent of it is unstructured. This means it's expressed in natural language - spoken, written or visual - that a human can easily understand but traditional security systems can't.


"Cognitive": the new era of security

The reality is that there are thousands of security blogs posted every day with detailed threat intelligence. It's impossible for a security analyst to know everything that's in them, and traditional security is unable to analyse and apply this insight the way an analyst can. This is why the most challenging security problems require people to make sound decisions about what to act on and what is a false alarm. In fact, the best security professionals build their body of knowledge every day through experience, talking with colleagues, attending conferences and staying up-to-date on research.

In order to address some of these challenges, IBM Security is training a new generation of cognitive systems to understand, reason and learn about constantly evolving security threats. These IBM systems are built with security instincts and expertise into new defences that analyse research reports, web text, threat data and other security-relevant structured and unstructured data - just like security professionals do every day - but at a scale never seen before. This is the essence of what IBM calls cognitive security (also referred to as machine learning or AI in the industry).

Cognitive is one of the elements IBM has focused on as we have built our strategy and portfolio to move beyond simply blocking threats to employing techniques that can more intelligently prevent, detect and respond; the other two elements being cloud and collaboration. As more and more data moves to the cloud, IBM helps clients plan, deploy and manage security across their infrastructure.

Lastly, from a collaboration perspective, IBM has taken a lead in driving collaboration between the private and public sectors, enterprises and security vendors. No single organisation can effectively stop the spread of malware across industries, nations and individuals, and by sharing threat information and new tools, organisations can proactively hunt for, and stop, attacks before they ever take hold. The launch of X-Force Exchange and IBM Security App Exchange were important first steps.

The X-Force Exchange, a cloud-based threat intelligence sharing platform, enables users to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. The IBM Security App Exchange is a marketplace for the security community (customers, business partners and other developers) to create and share applications that integrate with the leading IBM Security solutions. IBM Business Partners are able to tap best-of-breed technologies, regional experts and ongoing innovation to deliver integrated security solutions for their clients and end-users. IBM Asia Pacific's channel strategy continues to be centred on helping partners build strength in enterprise while also growing the commercial market, including small and medium businesses where the Channel will be our primary Route-to-Market. With the increasing demand in the market for outsourcing IT operations to service providers, we are also helping transform our Core Partners such as VADs (Value Added Distributors) and SIs (System Integrators) to working with New Age Partners such as Independent Software Vendors (ISVs), Developers and Startups.

An example of IBM's security offerings to Business Partners is the Cognitive Security Centres - a global network of 12 IBM X-Force Command Security Operations Centres - where IBM deploys Watson for Cyber Security to help protect clients from cyberattacks. The global network includes physical facilities and a network of 1,400 security professionals working virtually across the world to manage security for IBM clients. The centres currently manage one trillion security events every month for more than 4,500 clients across 133 countries.

IT "as a service" in all its forms has become a rapidly growing business opportunity for the IT channel. It has the ability to make service providers such as Managed Service Providers (MSPs) and Cloud Service Providers (CSPs) the new IT department for businesses of any shape and size. IBM works closely with MSPs and CSPs to help their clients capitalise on the market, by providing them with a comprehensive suite of intelligent, integrated solutions on-premise and on cloud designed to meet security goals.

Partnering with Asean organisations

To lead industry transformation and nurture cyber security expertise and capabilities, IBM recently announced a Memorandum of Understanding with Singapore Technologies Limited (ST Electronics), an IBM Business Partner, to co-develop ST Electronics' next generation security operations centre. This is an excellent example of how a System Integrator (SI) is leveraging IBM Security to transform its current cyber security ecosystem with traditional SOCs into a cognitive Command and Control Centre. In addition to the ability to detect early abnormalities and uncover advanced threats for proactive defence, the new capabilities of the Command and Control Centre will provide clarity of networks driven by analytics and system integration to enable a swift, nimble and effective response to a security incident.

Another strategic partnership is with Deloitte Singapore, an MSP in South-east Asia. They provide Managed Security Services to their enterprise customer base. This partnership enables them to offer a resilient service from their local SOC to help their clients overcome security challenges. We have also partnered with ITO Security Pte Ltd., one of our key Singapore-based Managed Services Partners, which helps its customers manage their endpoints and servers across physical and virtual environments. They have integrated their offerings with IBM Security products to provide a best-of-breed solution to their customers.

As humans, we sense and respond to situations using a lifetime of experience and learning. When an organisation's security systems can do the same, it arms its security professionals with the collective knowledge and instinct to respond to threats with greater confidence at scale and speed. A cognitive business out-thinks and outpaces threats with security systems that can understand, reason and learn.

At IBM, we are committed to the success of our channel partners, helping them enhance their role as trusted advisers who help clients compete by using data to understand and respond to opportunities in their industry with the best technology, people and innovation.

  • The writer is vice-president, IBM Security for the Asia-Pacific