The sharing of threat-intelligence data between IBM and Cisco Systems will improve Australian companies’ responses to security incidents by delivering masses of new information to train IBM’s Watson artificial-intelligence engine, according to the head of the company’s regional security operations.
Dramatically improved sharing between the two companies will see functional integration between their respective security-intelligence teams – IBM’s X-Force and Cisco’s Talos – in an effort to overcome technological hurdles that have been created by the multiplicity of security platforms installed in the typical organisation.
“The data is there,” Glen Gooding, IBM Australia’s Security Services leader, told CSO Australia, “and being able to consume it, understand it, and make appropriate use of it in a short timeframe is what’s going to make people successful in getting on top of any sort of security outbreak within their organisations.”
Amongst its numerous facets, the alliance will see the two companies working together to develop new managed services – which IBM will provide to support Cisco security platforms in public cloud services – and integrating X-Force Exchange and Cisco Threat Grid.
Before this announcement, “we didn’t have access to any of the threat intelligence that Cisco had,” Gooding said. “Now we’ll be able to enhance our learnings, and to get more understanding of an incident or malware outbreak so that we can remediate it faster than we could have done before.”
A key part of that response will be IBM’s use of its Watson for Cyber Security platform, which it announced in February as a targeted application for its Watson artificial-intelligence engine. Watson for Cyber Security forms a core component of the company’s Cognitive SOC platform, which is being pitched as a central tool for security operations centre response teams.
This latest partnership will see Cisco’s body of threat intelligence fed into the Watson engine, which was trained on more than 1 million security documents over the previous year and is now “learning”, Gooding said, based on its analysis and correlation of a steady diet of security blogs, Web sites, white papers, social-media content, and more.
The challenges of poorly-integrated tools and threat-intelligence services are nothing new: Cisco was banging the integration drum loudly at its Cisco Live! conference in Melbourne.
Cisco has offered another technological locus through its Platform Exchange Grid (pxGrid) – supporting its ongoing calls for better integration – but it’s not the only security vendor that recognises better data sharing has become crucial to improving security response.
McAfee, for one, is also making a play for better integration between security products. Earlier this year, McAfee’s newly-appointed regional manager Gavin Struthers told CSO Australia that the industry was to blame for creating a “messy, fragmented industry” based on “inorganic innovation”.
IBM has pushed hard to consolidate its local cybersecurity operations in the wake of its involvement in last year’s disastrous eCensus failure, recently forming a new crack team of security specialists – headed by industry veteran Wendi Whitmore – and tasking Watson with a mobile device management (MDM) security offering called Advisor.
Gooding expects to see more sharing relationships develop as the strength-in-numbers approach gains momentum over time: “As the industry matures,” he said, “we’re going to see more and more of the security vendors getting together and being able to integrate their toolsets, service capabilities and intelligence feeds to the betterment and protection of Australian customers.”
Indeed, customers are expected to be the ultimate beneficiaries of the move: “In cybersecurity, taking a data-driven approach is the only way to stay ahead of the threats impacting your business,” BNSF Railway chief information security director Bill Heinrich said in a statement.
“Cisco and IBM working together greatly increases our team’s ability to focus on stopping threats versus making disconnected systems work with each other. This more open and collaborative approach is an important step for the industry and our ability to defend ourselves against cybercrime.”