IHLS TV: The Future of Cyber in IBM, with Richard Miller

Richard Miller, security strategist and privacy consultant for IBM Global Services, is responsible for IBM’s Virtual Security Operations Centers (SOC), which monitor clients’ networks in search of threats. Over the last few years IBM started helping clients form their own security centers, offering consultation services focusing on efficient cyber security policies: tools, technologies and processes.

In the past, said Miller, cyber threats included mostly worms, viruses, trojans and so on. Today, however, the most significant danger is what’s known as Advanced Persistent Threats. The threats themselves may be very advanced and sophisticated, but the methods used to infiltrate networks are still very traditional. According to Miller they include, for example, social engineering: methods of fooling users into allowing the threat to enter their systems.

The solution is a better understanding of what exactly should be defended, where the vulnerabilities are, and how to foresee threats in advance and block them successfully. It’s very difficult to design a security system that can defend against all threats by reacting after an attack, like a traditional antivirus. These days you have to develop intelligence gathering and analytics capabilities, eventually designing a proactive security system that can prevent attacks before they take place.

Concerning SCADA systems, it’s important to realize how different clients face different challenges and threats. Critical infrastructure facilities, for example, are faced with very different challenges compared to financial institutions: integral physical systems connected to the network, cyber attacks masquerading as physical malfunctions, and so on. Security specialists have to know who might attack and how, while always investigating physical malfunctions as possible cyber intrusions.

IHLS – Israel Homeland Security

IBM’s vision, according to Miller, isn’t limited to the cyber arena itself. SIEM systems and SOCs are important components of security systems, but one should never rely on a single tool. Systems have to be evaluated based on general performance and their interaction with analytics and big data elements. The goal is to design the correct processes, said Miller, and to use tools efficiently in order to improve overall business practices, not just to protect networks.

Concerning the rapidly expanding homeland security arena, Miller explained that IBM intends to add relevant physical information to cyber-security analytics. Information about the motives and methods of criminals who use cyber-attacks to defraud banks, for example, seems to fit naturally with other “pure cyber” big-data analytics.

Israeli talent and experience help IBM with its global efforts, said Miller, lauding the local atmosphere of innovation and originality.

Cyber security is a very high priority for IBM. The company considers its consulting services to be of the utmost importance. People usually don’t associate IBM with cyber security, concluded Miller, but in fact the company invests a lot in that area. The goal isn’t just to offer general cyber advice to clients: IBM aims to help every client design their own, most efficient cyber-security processes and tools.