>> Announcer: Live from
Las Vegas, it's The Cube.
Covering IBM Think 2018,
brought to you by IBM.
>> Welcome back to IBM Think 2018.
My name is Dave Vellante
and you're watching
The Cube, the leader
in live tech coverage.
This is IBM's inaugural Think event.
Companies consolidated about
six major events into one
We're trying to figure
it out, 30-40,000 people
there's too many people to
count, it's just unbelievable.
Mary O'Brien is here,
she is the vice president
of research and development
at IBM in from Cork, Ireland.
Mary, great to see you,
thanks for coming on The Cube.
>> Thank you, Dave.
>> So tell us a little bit more
about your role at IBM as head
of research and development.
>> Okay so I'm head of
research and development
for IBM Security explicitly so in that
capacity I manage a worldwide team
of researchers and developers
and we take products from, you know,
incubation, initial ideas all the way
through to products in the field.
Products that help defend
businesses against cyber crime.
>> So, Jenny was talking
today about, you know,
security is one of the tenants
of your offerings at the core.
>> Mary: Yes.
>> So, everybody talks about security.
>> You can't bolt it on, you know, there's
a lot of sort of
conversations around that.
What does that mean, security at the core
from a design and R & D perspective?
>> That actually means that the developers
of applications are actually aware
of security best practices as they design,
as they architect and
design their applications.
So that they don't deliver
applications to the field
that have vulnerabilities
that can be exploited.
So, instead of trying
to secure a perimeter
of an application or a
product or, you know,
a perimeter full stop they actually
design security into the application.
It makes it a much more efficient,
much cheaper way to
deliver security and also,
you know, much stronger
security base there.
>> So, I wonder if you
could relate, sort of,
what you guys are doing in
security with what's happened
in the market over the
last 10 or 15 years.
So, it used to be security was, you know,
hacktivists and you know
throw some malware in
and maybe do some disruption has become
cyber criminals, you
know, big business now
and then of course
you've got nation states.
>> Mm-hmm
How have you had to respond
specifically within the R & D
organization to deal with those threats?
>> So, you know, you have
described the evolution
of cyber crime over the last years and
for sure it's no longer kids in a basement
you know, hacking to, for the fun of it.
Cyber crime is big business and, you know,
there's money to be made
for cyber criminals.
So, as a result they
are looking to hack in
and get high value assets
out of enterprises,
and of course, we as an
organization and as a
security business unit have
had to respond to that.
By really understanding,
you know, what constitutes
a very mature set of security competencies
and practices and you
know how we break down
this massive problem
into you know, bite sized
consumable pieces that
any business can consume
and work into their enterprise
in order to protect them.
So, we have developed
a portfolio of products
that look at protecting all
parts of your enterprise.
You know, by infusing security everywhere,
you know, on your devices, on the,
you know, the perimeter of your business.
Protecting your data,
protecting all sorts,
and we also have developed a huge practice
of security professionals
who actually will
go out and do it for
you or will, you know,
assess your security posture and tell you
where you've got problems
and how to fix them.
>> I remember a piece
that our head of research,
>> Peter Burris, wrote years ago and it
was entitled something
like "Bad User Behavior
will Trump Good Security Every Time"
and so my understanding is phishing is
obviously one of the big problems today.
How do you combat that, can you use
machine intelligence to help people,
you know, users that
aren't security conscious
sort of avoid the mistakes
that they've been making?
>> So, before I get into
the, the complicated,
advanced, you know, machine
learning and artificial
intelligence practices that
we are bringing to bear now,
you know, it's important
to be clear that you know,
a vast number of breaches
come from the inside.
So, they come from either
the sloppy employee
who doesn't change their password often
or uses the same password
for work and play
and the same password everywhere.
Or, you know, the unfortunate employee
who clicks on a malicious
link and you know,
takes in some malware
into their devices and
malware that can actually you know,
move horizontally through the business.
Or it can come from you know, the end user
or the insider with malicious intent.
Okay, so, it's pretty clear to all of us
that basic security hygiene
is the fundamental so
actually making sure that your laptop,
your devices are patched.
They have the latest
security patches on board.
Security practices are understood.
Basic password hygiene and et cetera,
that's kind of the start.
>> Uh oh.
>> Okay keep going.
>> Okay, so--
>> I'm starting to sweat.
>> So, you know,
and of course, you know, in this era
of cyber crime as we've seen it evolve
in the last few years,
the security industry
has reached a perfect storm because it's
well known that by 2020
there will be 1.2 million
unfilled security
professional roles, okay?
Now, couple that with
the fact that there are
in the region, in the same time frame,
in the region of 50 billion connected
devices in the internet of things.
So what's happening is
the attack landscape
and you know, the attack
surface is increasing.
The opportunity for the
cyber criminalist to
attack is increasing and
the number of professionals
available to fight that
crime is not increasing
because of this huge shortage.
So, you know, you heard Jenny this morning
talking about the era of
man assisted by machine
so infusing artificial
intelligence and machine learning
into security products and practices
is another instantiation of man
being assisted by machine and that is our,
our tool and our new practice in the
fight against cyber crime.
>> So when I talk to
security professionals
consistently they tell us that they have
more demand for their services than supply
to chase down, you know, threats.
They have, they struggle to prioritize.
They struggle with just too many
false positives and they need help.
They're not as productive
as they'd like to be.
Can machine intelligence assist there?
>> Absolutely, so
computers, let's face it,
computers are ideally placed to pour over
vast quantities of data
looking for trends, anomalies,
and really finding the
needle in the haystack.
They have such a vast capacity to do this
that's way out, you know,
that really surpasses
what a human can do and so you know,
with, in this era of machine learning
you can actually you
know, equip a computer
with a set of basic rules and you know,
set it loose on vast quantities of data
and let it test and iterate those rules
with this data and become increasingly
knowledgeable you know, about the data.
The trends in the data, what the data,
what good data looks
like, what anomalous data
looks like and at speed
point out the anomalies
and find that needle in the haystack.
>> So, there's a stat, depending on which,
you know, firm you look
at or which organization
you believe, but it's scary none the less.
That the average
penetration is only detected
250 or 350 days after the infiltration,
and that is a scary stat, it would take
a year to find out that
somebody has infiltrated
my organization or
whatever it is, 200 days.
Is that number shrinking, is the industry
as a whole, not just IBM,
attacking that figure?
First of all, is it a valid figure,
and are you able to attack that?
>> Well, the figure is definitely scary.
I don't know whether
your figure is exactly
>> Yeah, well
the latest figure
but it's a scary figure
>> Yeah.
and it's well known that
attackers will get in.
So, of course, there's, uh there's
the various phases of, you
know, protecting yourself.
So, you're going to try to avoid
the attackers getting
in in the first place.
Using the various hygienic means of
you know, keeping your
devices, you know, clean
and free from vulnerabilities and so on.
But you've also got to be
aware that the attacker
does get in so now you've got
to make sure that you limit
the damage that they can
cause when they're in.
So, of course, you know
security is a, you know
you can take a layered
approach to security.
So you've got to firstly
understand what is
your most valuable data, where are your
most valuable assets and layer up
the levels of security around those first.
So you make sure that
if the attacker gets in,
they don't get there
and you limit the damage
they can do and then of course
you limit their ability to
exfiltrate data and get anything
out of your organization.
Because I mean if they are just in there,
of course they can do some damage.
But, the real damage
happens when they can manage
to exfiltrate data and
do something with that.
>> So again Mary, it make sense
that artificial intelligence
or machine intelligence
could help with this
but specifically what do
you see as the future role
of Watson as it relates to cyber security?
>> So, I mentioned the shortage of
security professionals
and that growing problem,
okay so Watson in our cyber security space
acts as an assistant to
the security analyst.
So, we have taught Watson the
language of cyber security,
and Watson manages to
ingest vast troves of
unstructured security data, that means
blogs and you know, written
text of security data
from, that's available on the internet
and out there all day, everyday.
It just ingests this and
fills a corpus of knowledge
with this, with these
jewels of information.
And, basically that information and that
corpus of knowledge is now available to
a security analyst who, you know, a junior
security analyst could
take years to become
very efficient and to really be able to
recognize the needle in
the haystack themselves.
But with the Watson assistant they can
embellish their understanding
and what they see
and all of the, all of the relationships
and the data that
augments the detail about
a cyber incident you know,
fairly instantaneous.
And it, you know, really augment their own
knowledge with the knowledge that would
take years to generate, you know.
>> So, I wonder if we could
talk about collaboration
a little bit because
this is good versus evil.
You guys are like one of the super heroes
and your competitors are also
sort of super heroes.
>> Of course.
>> You got Batman, you got Superman,
Catwoman, and Spiderman, et cetera.
How do you guys collaborate and share
in a, highly competitive industry?
Well, they're vary as far as
you know, appearing for sharing
okay, so firstly you absolutely nailed
the importance for sharing
because you know, the
cyber criminals share on the dark web.
They actually share, they
sell their wares, they trade,
you know so very important
for us to share as well.
So, you know, there are
various industry forum
for sharing and also
organizations like IBM
have created collaborative
capabilities like we have our
X-force Exchange which is
basically a sharing portal.
So, any of our competitors
or other security
organizations or interested
parties can create
you know, a piece of work describing a
particular incident that
they are investigating or
a particular event that's
happening and others
can add to it and they
can share information.
Now, historically people
have not been keen to
share in this space so
it is an evolving event.
>> So speaking of super
heroes I got to ask ya,
a lot of security
professionals that I talk to
say well when I was a
kid I read comic books.
You know, I envisioned saving the world.
So, how did you, how did you get
into this, and was that you as a kid?
Did you like--
>> No, it wasn't.
I'm not a long term security professional.
But, I've been in technology and evolving
products for, you know,
in the telecommunication
business and now security over many years.
So, I got into this to
bring that capability
of delivering quality
software and hardware
products to the field back in 2013 when
a part of our IBM security
business needed some leadership.
So, I had the opportunity
to take my family
to Atlanta, Georgia to lead a part
of the IBM security business then.
>> Well, it's a very challenging field.
It's one of those, you know, never ending,
you know, missions so thank you for your
hard work and congratulations on all
the success.
>> Thank you David.
>> Alright, appreciate you coming
on The Cube, Mary.
>> Thank you.
>> Keep it right there
everybody, we will be back
with our next guest,
you're watching The Cube.
We're live from IBM Think 2018
in Las Vegas, be right back.
(pleasant music)
