IBM security SIEM SOAR

IBM Steps Up to Showcase Unusual Security Competency

Last week, IBM had an analyst briefing on its security efforts and, unsurprisingly, it was one of the most comprehensive I have ever seen. For much of the 80s and 90s, upcoming companies like Apple, Microsoft and Sun Microsystems seemed to take security as an afterthought. For Apple, internal security was very important, but product security tended to fall under the security-by-obscurity strategy where what you did not know could hurt you. Microsoft turned security over to firms like McAfee and Symantec that seemed to gleefully aggressively market security exposures in Microsoft’s offerings to sell their patches. Sun Microsystems, while more security-focused than the others, seemed to be more concerned with hardening its buildings against attacks by terrorists (particularly after 9/11) than in making security a differentiator.

Since then, Sun Microsystems, or what was left of it, vanished into Oracle, Apple still practices security-by-obscurity, and Microsoft, in one of the biggest pivots in its existence, embraced the need for security, bought several security companies, and massively upped its security game. Throughout, IBM always had security as a top requirement. Employees were regularly trained and refreshed on security concepts, mainframe security capabilities evolved to become hybrid cloud solutions and, with the recent acquisitions of Randori and ReaQta coupled with the security-focused IBM cloud, it is now hard to find any company, software-, services- or hardware-based, that has a larger security focus than IBM.

Let us talk about why IBM is the reigning king of security solutions this week.

Cultural security

The first large tech company I worked for was IBM and, while there, I did security audits, owned security for marketing, and was nearly fired as a result of an executive intentionally leaking a highly classified report I’d authored (his goal was twofold: to get me fired, and to give our biggest client to our largest competitor who he quickly went to work for).

While I worked there and covered the company for the last fifty or so years, IBM has always taken security as a top priority. Even during the time when it had its lifetime employment policy and pensions where getting fired was impossible, just letting someone follow you into a building was grounds for termination. We received training in where you could and could not talk company policy, we were restricted from sharing anything from inside the firm outside it without permission, and the security classifications on our documents were enforced both for over and under classification.

Customers were considered as corporate family in that the rules surrounding security those customers were, at their least, as strong as the rules surrounding our own data. While I’ve worked with and at firms that have had undiscovered breaches by competitors, IBM caught two major attempts to steal its intellectual property which effectively knocked the companies that did it out of the market.

When it comes to security, IBM does not screw around.

IBM’s emerging offering

A few years back, I felt sorry for companies trying to bring to market the first comprehensive SIEM (Security, Information, and Event Management) tools because they could not sell them. The reason was that CIOs were too smart. SIEM tools could, with impressive accuracy, collect and report the security exposures in a firm, but IT did not have the labor or the financial resources to fix what the SIEM products reported. If compromised, those reports could point an attacker right where the firm was most vulnerable. SIEM was then enhanced with SOAR (Security Orchestration, Automation, and Response) which addressed the staffing issue but still required investment into yet another, albeit incredibly important, expensive security product.

But with both SIEM And SOAR, you could make the site more secure. IBM has, with the purchase of Randori and ReaQta, added two more categories that are proactive instead of reactive like SIEM and SOAR. They are ASM (Attack Surface Management) which dynamically calculates and reports on the potential attack surface, and EDR (Endpoint Detection and Response) which dynamically manages the endpoints for compliance and can be used to stress test the security of the site, an effort often called “Red Teaming.”

The result is a solution that can aggressively both anticipate problems and respond to attacks automatically through increased use of AI. Because of IBM Watson’s heritage, there is no other company with the level of AI competence that IBM has. This all falls under the IBM Security QRadar XDR solution.

There is one other security offering from IBM that makes it unique and that is its Quantum Safe offering. It provides a level of protection that anticipates the emergence of a hostile quantum computer that, without protection like Quantum Safe, could penetrate any encryption-based security solution in seconds.

Wrapping up

IBM has a unique focus on security that goes back decades and precedes by decades the creation of the security firms that we have come to know. From how IBM trains employees to how it protects its customers, the company stands alone with regard to its security focus and offerings. Their cloud offering, for instance, is security-first and is positioned to enhance, not replace, cloud offerings from companies like Amazon (with which it has a particularly strong partnership), Microsoft and Google, among others.

Most companies do not want to worry about security. They just want to do business. But in a hostile world, no one can take security lightly. For those industries that include healthcare, finance, government and pharma where security is a high priority, there may be only one security vendor capable of checking all the boxes, and that is IBM.

There was an old saying that no one ever got fired for choosing IBM when it comes to security. That saying appears to be true still.

Scroll to Top