IBM has spent $200 million on new services to help customers deal with cyber security incidents. The centrepiece of this investment is a new global security headquarters in Cambridge, Mass. IBM has located its first Cyber Range for the commercial, rather than the governmental sector here. This allows customers to send their own security response teams for advanced training using real world scenarios.
According to Marc van Zadelhoff, General Manager, IBM Security: “Being prepared to respond is the first line of defense in making sure a cyber security incident doesn’t become a crisis. To adequately prepare for –and respond to – cyber attacks, companies need to assemble cross-functional teams that bring a strategic mix of security intelligence, technical skill, legal precision and regulatory understanding combined with a comprehensive plan of action. With our investments, we’ve moved IBM into a unique position in the industry with a comprehensive cybersecurity immune system for customers to build world-class capabilities for thwarting cybercrime.”
What is a Cyber Range?
Think of a military training ground where you have to defend your position against attack. Translate that into cyberspace and you have a Cyber Range. Security teams will find themselves facing simulated cyber attacks using real malware and attack techniques used by hackers. They will learn how to prepare for, respond to, and manage a broad variety of threats. Importantly this is not just for security teams.
Cyber defence is not just an IT problem, it is something that affects the entire company. IBM is making the Cyber Range accessible to the Chief Information Security Office (CISO) and other members of the C-suite. They will experience the impact of a cyber attack using real-world scenarios. It will give customers a chance to test their own policies and procedures for dealing with a cyber attack. This will include testing their responses to regulators, local and national law enforcement, customers, management and even the press. These are all areas where companies need to have a coherent response strategy. Failing to get this right means a bad situation can quickly spiral into an epic disaster.
The Cyber Range is also open to other people. IBM is keen to see students with an interest in cyber security come to the Cyber Range. The goal will be to give them an insight into what a cyber security career is about. This is a smart move. There is a huge fight for talent in the cyber security space. It also gives IBM a chance to look at the next generation of talent coming onto the market. IBM will also have a chance to pitch itself as where they want to work. This will improve its chances of signing them up to meet its own need for more researchers and security team members.
IBM unleashes the X-Force IRIS team
The IBM X-Force Command Centres now handle over 1 trillion security events per month. That number is continuing to grow. It is now using that data to train the next generation of its security software. IBM announced Watson for Cyber Security last year. It is now deploying Watson into the X-Force Command Centre as part of its training into spotting a cyber attack. This will give many customers hope that they can soon buy into an AI solution capable of reducing the number of attacks they are dealing with.
IBM has now launched its own cyber security special forces unit. They are called the IBM X-Force Incident Response and Intelligence Services (IRIS) team. The current team consists of 100 personnel spread across the globe. We did ask IBM where they were located but it failed to respond. That may be deliberate to create a bit of mystic about them. After all with a Cyber Range and elite units, it’s tempting to ask if IBM requires them to undergo Cyber Seal training with the US Marine Corps.
The team is led by Wendi Whitmore who once worked in the US Air Force, Office of Special Investigations. Since then Whitmore has created and built incident response teams in several companies finally joining IBM in March 2016 to set up the IRIS programme. It would be interesting to know how many of the first cohort of IRIS staff were recruited from outside of IBM just for their skills. What is known is that they have all worked on large security breaches. IBM says that many of them are former security experts at federal law enforcement and intelligence agencies. IBM says that they were all involved in building intelligence collection and analysis capabilities which are still in use today.
It is not clear if the X-Force IRIS team also run the Cyber Range. According to the press release: “With a focus on preparedness and planning, the IBM X-Force IRIS practice helps customers test their environment, run attack scenarios, and identify key business systems and processes needing stronger security and critical to maintaining resiliency. Through an emphasis on proactive planning, IBM X-Force IRIS can help clients reduce the costs and complications of response, which can help lead to quicker containment of an incident.”
Conclusion
IBM is continuing to scale up its security services for customers. This is a market that is beginning to get crowded with hundreds of small cyber security companies bidding for customer budgets. By moving towards highly advanced training for the C-suite as well as security teams IBM is tapping into an untouched market. Most training is technical by nature. The Talk Talk hack in 2014 highlighted just how badly a poor corporate response can exacerbate the impact of a cyber attack.
It will be interesting to see how quickly IBM grows the X-Force IRIS team. This is a space where there is a very limited availability of talent. IBM has shown that it is willing to spend what it takes to attract that talent. Can IBM’s major competitors in the cyber security space react to the X-Force IRIS team and the Cyber Range announcements? The answer is likely to be not in the short term. By the time they do respond IBM will have taken a significant lead in this new cyber security market.
