IBM Security CTO: AI a game changer for cybersecurity
Martin Borrett, IBM Distinguished Engineer and CTO of IBM Security Europe, on why AI is going to tilt the cybersecurity scales in favour of the 'good guys'.
Can you tell us more about IBM’s security business?
In the last six years, cybersecurity has become a strategic bet for IBM. It is about how do we change the game? What are the force multipliers we can use? Definitely, AI will have a growing impact on cybersecurity. We can use augmented intelligence to make 10 people as effective as 50. Another piece of it is collaboration. Cybersecurity is an interesting sphere because the bad guys are collaborating on the dark web. They are sharing tools and techniques. The good guys need to collaborate more, and I don’t think we are good at it when it comes to sharing the right information. A big part of our strategy is open collaboration.
In 2015, we have opened up our X-Force Exchange portal. All of our threat intelligence – around 700 TB of it, stuff which you’d have thought was proprietary, has been made freely available to our clients. We have launched an app store for security that allows users to create new value and build an eco-system. We have also launched Quad9 DNS service, which is designed to provide added privacy and protection to users.
Another big bet is around orchestration. Obviously, we are trying to automate things that can be automated, but we need more than that. If you have a security incident, how do you respond to that in the right way? How do you drive your runbook to get the best possible outcome from a bad situation? We have made that intelligent orchestration possible with IBM’s Resilient platform.
Should we plan to fail because it looks almost certain that we can’t keep the bad guys out?
I’d rather use a different phrase. A few years ago, we changed the narrative from you might be attacked to you will be attacked to you have been attacked. We have seen these boom moments – when disaster strikes, you have a breach and you lose customer records. Last year, we have seen this happen across many organisations of different sizes and in different verticals across EMEA. The question is: how do you respond? Organisations need to spend more time on their response plans. Not just theoretic plans but actually practicing it. This is the reason why we have set up a Cyber Range facility in Cambridge, Massachusetts, where we simulate cyber-attacks using live malware and real-world scenarios. It looks like a SOC and we put security teams under real pressure to see how they respond to security incidents.
Do you think AI and machine learning will drive the future of cybersecurity?
It is going to be a game changer. There is no doubt that we don’t have enough security skills. Everyone is looking to hire security people and they can’t find them. There is a limit to how many security incidents you can investigate, and how fast you can do it. This is where AI can help us. A case in point is our IBM Watson. We have taught it all about security, the very specific things we use in cyber today. Watson understands that, and it has got natural language understanding. Watson can read English, so it can take all the cybersecurity documents out there -all the useful research from academics, government bodies and companies like IBM – ingest it and make it useful. It is not possible for us to read 7,000 pages of information in a day. Watson can understand that information, reason through it and offer advice to security experts. For me, it is about man and machine. We are always going to need smart individuals with their moral judgement and intuition. We can’t replace the human element and we are not trying to.
