Security Intelligence at InterConnect - the what, why and how for modern CISOs
Melissa Stevens 270005B76W MELISSAS@US.IBM.COM | | Tags:  malware security-intelligence ciso ibminterconnect interconnect security
0 Comments | 4,703 Visits
Today I’m talking to Phil Neray, Security Intelligence strategist for Q1 Labs, an IBM Company. Phil will be attending InterConnect 2012 this October 9-11, where Brendan Hannigan, General Manager for IBM Security will be delivering a Hot Topic session entitled “Defending against cyber-threats with security intelligence and behavioral analytics.” Security Intelligence is the core offering of Q1 Labs, so I thought Phil could shed some light on this topic.
Q1: Hi Phil, for people not clear about “security intelligence” can you explain what is and why it’s important? What will people learn about security intelligence at InterConnect?
A1: Security Intelligence is about taking a more holistic approach to securing your critical assets and data from advanced threats. With this new approach, you continuously monitor your entire environment in real-time – including user activity, servers, applications, network security appliances like firewalls, VPNs and IDS/IPS, and network flow data – and combine this information with contextual information -- such as user identities and roles (who is doing what), asset data (what are my most critical assets) and threat intelligence data (such as IP addresses that are known sources of malware) -- in order to quickly identify and prioritize threats. Then you apply behavioral analytics to identify what’s unusual or unauthorized about what you’re observing.
Q2: What changes in our environment have made it harder for businesses to stay secure?
A2: The reason Security Intelligence is more important today is that cyber-attackers are much more sophisticated in the way they’re breaching organizations. In fact, according to the 2012 Data Breach Investigations Report, 92% of organizations don’t even know they’ve been breached! Cyber-attackers are using multiple avenues of attack -- such as sending targeted emails with malware to high-value employees (spear phishing) and exploiting vulnerabilities in Web-facing applications – so it’s important not to rely on a single technology or perimeter security solution, such as firewalls or AV, to protect your environment.
Plus, new business models are emerging that require adopting new technologies such as cloud computing, mobile devices and social media. These bring new agility and efficiency to your business as well as more openness and hence risk -- which must also be mitigated with new technologies and processes.
Finally, the role of the CISO is also changing to be more of a business leadership position than a traditional technology management position.
Q3: Where you say leadership is evolving, what does that mean? How does leadership play a role in security?
A3: Security is now a strategic, board-level priority. As a result, forward-thinking CISOs are moving from being reactive to being proactive about how they approach security and breach preparedness. They’re also focusing on improved communication with their business management peers, and in fact on improving collaboration and communication on an enterprise-wide basis.
Today’s CISO wants to balance the evolving needs of the business – more innovation, more agility, higher efficiency, and more information sharing -- with the need to safeguard their most valuable assets: your organization’s intellectual property, customer data and your brand.
Q4: What is IBM’s approach to dealing with these challenges?
A4: IBM provides an integrated portfolio of products and services to support this new model, -- including advanced correlation and behavioral analytics gained from its Q1 Labs acquisition -- along with the expertise of 6,000 security engineers and consultants worldwide to help organizations implement a phased approach to security intelligence (because you can’t do it all at once!).
Q5: Last question! Where can attendees go to learn more about the topics being discussed? What else is going on InterConnect that people should know about?
A5: InterConnect offers many ways to get more information.
First, you can attend the Hot Topic session entitled “Defending against cyber-threats with security intelligence & behavioral analytics” on either Wednesday, October 10, or Thursday October 11. The session will be led by Brendan Hannigan, General Manager of IBM’s new security systems division and former CEO of Q1 Labs. Additionally, this session features two client CISOs who’ll talk about how they’re using IBM security technologies to address the challenges we’ve outlined above.
You can also attend the Security Intelligence “Exchange” session on Wednesday, October 10 that will provide a forum for interactive conversations with IBM security experts, IBM business partners, and your peers in other organizations – exploring best practices for evolving to a security intelligence mindset and implementation.
On Tuesday night, we’re having a special dinner for all our security clients that will give you a chance to network with other CISOs. This will also be the inaugural meeting for a new group called “CISO-Connect” that will connect CISOs with their peers in leading organizations across the Asia-Pacific region. This is your opportunity to join the group and share best practices with them!
At the dinner, we’ll review the results of IBM’s industry-wide survey on the changing role of the CISO, as well as the results of the latest X-Force Trend & Risk Report that is being published just before the conference. This report, published only twice per year, provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities, malware, spam, phishing, web-based threats, and cyber criminal activity, helping organizations understand the changing nature of the threat landscape and what can be done to mitigate it. Read more about the report here, and if you're interested in learning more about the X-Force report before InterConnect, you can join us on September 20 for a live podcast at 12 PM ET (which will also be available on-demand using the same link).
Finally, you can visit the “Solutions” center at the conference every day to look at hands-on demos and have 1-on-1 conversations with IBM SMEs.