As part of our ongoing industry coverage, Edison is investigating not only the latest and greatest in enterprise technology features and capabilities but also the motivations and vision of the people behind these innovations. In the Edison IT Visionary series, we interview executives, influencers, and innovators to discuss their take on the industry, their role, and the solutions meeting the technology challenges of today and tomorrow. In this edition, Edison’s Hal Kreitzman sits down with Jay Bretzmann, Segment Marketing Specialist for Security Intelligence at IBM Security, to discuss his take on the future of IT security.
Hal: I appreciate you being able to take the time to talk to us about your vision of where technology and business are going, and ultimately how IBM is going to meet those challenges. I’ll just kick it off to say what trends, innovations and/or technological developments are you most excited about?
Jay: I’m working for the security division, and what we produce is technology that helps just keep your IT running the way you want it to run. The one thing we’d like to tell the CIO is, don’t worry about security, we got it covered.
It’s a very challenging environment, and the bad guys outnumber the good guys about ten to one. This is the way to pull off mass crime these days. Why go rob a bank when you can tap into some kind of corporate account, steal a whole bunch of credit card numbers, medical IDs, whatever it is, and go sell those? What we’re trying to do is produce technology that defends, and also detects, and then remediates all this kind of activity before any real invaluable data has been lost, stolen, or otherwise compromised.
Hal: That’s a big challenge.
Jay: It’s huge, and there are very few companies that are up to it really. What’s funny is most of the organizations that buy IT security, buy it in a piecemeal fashion. They get a little bit of budget, and then they go out and they solve the one outstanding problem that they see, which is half the time based on some compliance mandate, “We need to do this so we’re in compliance, so let’s go do that.”
Over the course of six years, they’ve got twenty, thirty different solutions, none of which talk to each other, and they’ve got a mess. Suddenly lightning strikes, there’s a real breach, and they don’t see it. The statistics that are out there say that most of these attackers, once they get in, and there are seventy thousand plus vulnerabilities out there in the market today, so they will get in, right, they wander around and look for stuff for six to eight months before anybody notices, “Oh, I’ve got a problem here.”
We’ve got leadership technology that helps do behavioral analysis, and it really looks at who is on your system and what they do. Most of the compromises that are high profile are largely due to phishing stuff, right, where somebody clicks on the wrong link, or they compromise their login credentials somehow, and then that attacker gets on the network, but they have no idea what this person typically would do in the course of their job. They’re just out there, roaming around looking for stuff, and that turns up pretty quickly in some type of baseline analysis versus current activity type of comparison.
Hal: I’m assuming that that kind of behavioral analysis not only would help detect the type of people from the outside coming in, I expect they’d also be able to detect suspicious activity going on within the organization as well.
Jay: Yeah, absolutely, and that’s probably forty percent of the problems out there, but when you’ve got an insider working, they tend to be higher value data loss, because they know something about it, and they’re quicker, and delegate more resources over the course of the attack. You’ve got that, and you’ve got fraud as well, people who are gaming the system for one thing or another, just so they can benefit from it.
Hal: Very simply, it seems that with everything that’s going on, everything that’s in the news about breaches and information, electronic information being shared, IBM has taken a very holistic view, which makes a lot of sense. Like you said, the one offs don’t really make a lot of sense with the holistic view. Can you expand on that a little more?
Jay: What we’ve basically done with this division is, we’ve done a lot of acquiring of best-of-breed solutions, and then we spend a lot of our resources integrating them. If we figure out we’ve got an exposure, we need a new technology, instead of developing it internally, there are always startups basically. We’ll go out and do the due diligence, find the best solution, and then put a dozen engineers on building the tight integrations with the rest of the portfolio. That way, we get state-of-the-art technology, we get interesting new people in the corporation. The more data you collect, the better off you are, because it gives you context. If all you’re doing is collecting logs and stuff, then you’re not going to see the rest of the identity stuff going on, the communications between the switches, routers, all that kind of stuff. We like to try to emphasize that it’s more than just basic data.
Hal: When all is said and done, you’re talking about a rather significant software and hardware investment solution for individual organizations. Is it primarily offered to enterprises, or do you have other types of flavors to offer to the small and medium businesses?
Jay: It is a combination of both enterprises and these managed service providers. The implementation all depends on whether the client wants to watch the screen or wants to pay somebody who knows what they’re doing to watch the screen. We’re very adaptable, we have all kinds of different licensing terms that you can acquire the software under. We announced something that was basically a SaaS offering. If you don’t want to buy the software, deploy the software and take all that time, we’ll take care of all that stuff, and then you can watch your own screen. We’ve got a couple of recent clients, especially in the retail space, that have gone for that option as well.
Hal: Do you think SaaS solutions or hosted solutions are one of the trends that many of the organizations, like yourself, are offering?
Jay: I think that long term, that’s where the whole big market wants to go. Think about security technology, is it strategic? Does it help you build a better product? Does it help reach more markets? No. It just makes sure that your IT functions like it should. In that respect, the organizations that really care, and would be completely out of business should they be breached, they don’t have the trust factor yet, that would allow them to outsource things. For mid-market companies that have never been breached, it’s like: “Just make it go away. I don’t want to deal with this, you guys do it every day, and I can get time to market, time to value of a week or less once I sign a contract.”
Hal: There was a quote flying around, something about that “in fifteen years, seventy-five percent of the S&P 500 won’t be there any longer because they’re not focusing on the things that actually keep them in business.” This seems to be a necessary evil so to speak, it’s a cost of doing business. I can’t see that organizations are going to be able to afford the time, resources and the effort to do it to the level that they need to do it in order to protect their company. Do you have any comments on that?
Jay: The other huge challenge is just finding the talent that knows what they’re doing. The number of trained security professionals is nowhere near what’s required in the marketplace. If you try to go out there and hire somebody, you’re going to pay a lot more than you want to pay, and you’ll probably get less of the skill that you really need, that you want. These people, some of our competition has stuff that takes a little bit more programming to run, and whenever I get one of those people coming up to me at a trade show, I say, “Oh really? You’re using that product? How’s it going? How many people know how to program that?” “We’ve got one guy.” “What happens when you lose them? Guess what, you will, unless you’re going to give them twenty percent raises every year.”
It’s just a huge, nasty challenge that is basically brought on by the fact that it’s pretty easy to exploit these vulnerabilities that have been out there, and nobody cared about security for the last twenty years when they were developing IT applications. That was the central focus, therefore they’re full of holes. Microsoft used to be the poster child, but if you look at it now, it’s much more the framework applications that are being exploited because Java is the new poster child, so to speak. It’s the write once, exploit anywhere. If you can find a way to inject malicious code into a Java app and somebody downloads it because they think it’s interesting, or whatever, you’re going to be very successful and probably find a bunch of data that maybe someone will want to buy. The funny thing is, the people that break into the networks and steal the data, they’re not necessarily the people that use it. They put it on the open market and sell it to somebody else, it’s just quite the organized crime environment on cyberspace.
Hal: If you had to highlight any IBM product or service specifically, what are your premier security based products that you’re looking at right now, or that you have to offer?
Jay: The fundamental technology that we bought to form this division was called QRadar, and it is a SIEM technology, we called it security and intelligence before other people did. Now everybody calls it security intelligence, the name doesn’t really differentiate ourselves. The differentiation is in a central console that provides visibility through the whole network, all the data you’re collecting through these other products is all coming into the central resource, and therefore you’ve got one consistent view, it’s a tabbed architecture, so you can click across the tabs and look at risk versus vulnerability versus current offences, and then do administration.
One product cannot possibly solve the needs of this industry, and we’ve got probably a dozen others that are required in terms of identity management, database monitoring, network blocking type technology, endpoint management, patching, all those kinds of things. We announced this thing called the IBM Security Threat Protection System which was just kind of a way to talk about multiple products that we have all working together to provide this selective capability. That’s what we’ve been emphasizing for the last year or so, and it is Trusteer malware protection, it’s BigFix endpoint management, it’s Guardium database management, it’s QRadar, it’s XGS, that protection all rolled into a three-letter acronym.
Hal: Our time is basically up but I want to give you an opportunity to say anything else about the subject matter itself.
Jay: It’s an ever-morphing challenge, nothing stands still, so it’s really difficult to provide any sort of panacea-type product. I was at a customer conference yesterday where they were talking about how antivirus is dead, and it’s like, yeah, of course, because it’s based upon a single script, you’re looking for a pattern. When the pattern changes on a daily or an hourly basis, those kinds of products will never do it anymore. The key is really having some type of behavioral analysis, analytics, and sensing so you can pick up on a new trend or anomaly, those are the things to go look at, because typically when you’re breached and things are going wrong, there’s unique activity associated with that.
Harold Kreitzman has spent his career enhancing business value through the appropriate application of people, process, and technology. Prior to joining Edison Group, Inc. as VP of Digital Programs, he ran his own Management Consulting firm. Prior to that he served as the Chief Technology Executive at The Blackstone Group where he helped them grow to a global investment banking firm.
Jay Bretzmann is the Segment Marketing Specialist for Security Intelligence at IBM Security. During his long career at IBM, he has been responsible for the Tivoli Automation and Enterprise Asset Management portfolio, business partner activities for IBM’s WebSphere connectivity portfolio and IBM’s line of Intel-based SMP server offerings.