IBM InterConnect keynote: Security for a new era of computing

Security Intelligence is a major theme at this year’s IBM InterConnect conference, and it took center stage in Tuesday morning’s keynote address by Brendan Hannigan, General Manager of IBM’s Security division.

Hannigan addressed what IBM considers to be four “myths” that prevent organizations from thinking realistically about information security, and from discussing related risks in a way that fosters efficient and productive responses for managing that risk. Those myths were (paraphrasing, and in the first person):

  • Attackers are not already inside my defensive perimeter
  • I can combat today’s threats alone
  • I’m investing wisely today in the right defensive measures
  • Innovation is too risky

On the contrary, Hannigan argued, today’s threat:

  • Has the technical skill (or, more likely, enough automated tooling purchased with stolen credit card information) to penetrate your organization’s perimeter defenses, and subvert user authorities to access some of the “crown jewels.”
  • Is not a “lone attacker sitting in his boxer shorts, holding a Gatorade and a bag of Cheetos,” but is in fact multiple criminal organizations who actively collaborate with one another to improve both the effectiveness of individual offensive techniques, and the ease with which those techniques can be automated.
  • Is not adequately addressed by the types of defensive investments organizations have relied upon in the past.
  • Can only be effectively combatted with new defensive techniques, and by making mitigation and incident response a more prominent focus in defensive strategy.

In IBM’s tactical triad of “Prevent, Detect, Respond,” they are announcing new products in each of those solution areas.

In the preventative space, IBM Trusteer Apex uses runtime behavior analysis to detect malware-like behavior as it happens on a Windows or Mac OS X endpoint, and can stop or sandbox applications in direct response.  As Hannigan put it, “We don’t just detect malware, we stop it.”  Other highlights in this area were automated vulnerability analysis for web services built with IBM’s Bluemix platform, and IBM AppScan Mobile Analyzer / Dynamic Analyzer.  The goal Hannigan expressed is not merely to make vulnerability analysis available, but “to make it hard not to do it.”

Straddling detection and response is the newly announced APT Survival Kit, which is designed to help organizations understand their true exposure and mitigation options in the event of a breach.  A new option for security event understanding is IBM Security Intelligence in the Cloud (essentially, QRadar as a Service).  And because criminals have taken to stalking individual high-value executive targets in the hope of capturing their money or privileges to corporate data, IBM is announcing Executive Protection Services to help individuals understand and reduce the electronic attack surface of their most powerful employees.

The need for defensive collaboration among (often competing) organizations is likely to be the toughest nut to crack, and the newly-announced IBM X-Force Exchange will be important to watch.  It’s designed to help enterprises share incident data with each other, which IBM clearly believes is necessary to defend against the modern threat.

For some time, the strength of IBM’s security message has been the breadth of their offerings and the depth of expertise they can provide in consulting.  Tuesday’s announcements show that they’re going to continue aggressively pressing those advantages, but ultimately seek to gain market share by improving deployment options, automate types of vulnerability analysis that previously required rare skills, and helping organizations survive those attacks that squeeze through their other layers of defense.