Mr. Peter Evans
IBM Internet Security Systems
SecurityStockWatch.com: Thank you for joining us today, Peter.
Please give us an overview of your background and your role with IBM ISS.
Peter Evans: Thank you Martin. Over the course of my career
I have spent the majority of my time in the telecommunications and security
markets, working with large carriers on network-wide transformations,
and with enterprises to deliver both network and security solutions. In
my work with IBM Internet Security Systems, I am concerned with developing
new security solutions - from a market acceptance perspective - to address
emerging market needs.
SecurityStockWatch.com: One will read in a recent IBM press
release a comment by Mr. Tom Noonan, General Manager of IBM ISS, that,
"For many enterprises, security is broken". Please share with
us your perspective on this issue?
Peter Evans: Security is broken, and the marketplace is crying
out for a new approach to address a problem that is growing in both complexity
and risk annually. Traditionally, the industry's approach to security
has been characterized by stand-alone security products designed to address
the latest security concern. For viruses, the industry delivered anti-virus;
for spyware the industry delivered anti-spyware, and so on. As a result,
the average enterprise owns stand-alone security solutions from 32 different
vendors. These solutions are not interlinked, do not scale, and do not
adapt to the new forms of online threats or dynamic changes to the business
environment. What we are seeing consequently is a situation where the
spending on labor to manage security complexity is growing at three times
the rate of the growth of the security budgets. Unfortunately, despite
all this investment, in many cases the enterprises are no more secure
than they were five or more years ago.
SecurityStockWatch.com: IBM ISS recently announced new technology
for information security and compliance management. May we have an overview?
Peter Evans: IBM is announcing a number of new initiatives and
solutions that leverage our security capabilities across the portfolio.
Our latest efforts are aimed at rolling out integrated capabilities to
address data security. Data is the new currency for the enterprise, as
well as the crime syndicates. Businesses can have all the right checks
and balances in place, streamlined reporting mechanisms and processes,
and network and perimeter security, however, if the fundamental building
block -- the data is corrupt, then the results of any activity associated
with the data is in error. Securing data is a very complex problem that
cannot be well served by independent solutions for authentication, encryption,
leakage, removable devices, etc. Today's enterprises are looking for integrated
solutions that protect the data in transit, at rest, in motion, in use,
and throughout the lifecycle. It can be argued that no one knows data
better than IBM - we deliver the server and storage solutions, the business
intelligence tools and the applications to manage data for the largest
enterprises in the world. It is a natural extension then for IBM and ISS
to marry together the preemptive protection technologies found, for example,
in our Intrusion Prevention solutions with IBM's data portfolio and create
a unified solution to address the data security concerns. For example
IBM has launched a comprehensive solution for the Payment Card Industry
Data Security Standard, which is at its heart protection of data in the
form of credit card information.
SecurityStockWatch.com: How does IBM's risk management approach
differ from that of other vendors?
Peter Evans: There are several key tenants that differentiate
IBM Internet Security Systems approach from others. The first, and most
important, is that we are preemptive in nature. Other vendors still rely
on an "Event/Response" approach, where the enterprise must first
experience the security breach or event before protection is designed
to prevent a re-occurrence of the threat. This model isn't effective.
Why should an enterprise have to incur the pain of the threat, then to
add insult to injury, the cost to the go and patch the event Instead IBM
ISS developed an "ahead of the threat" approach whereby the
customer is protected in advance, by looking for known behaviors and patterns
of how threats execute. IBM is so confident in this approach, that any
enterprise that outsources the management of its security to IBM can receive
a guarantee of protection.
The second key approach that differentiates IBM is in the way the company
builds overall enterprise security solutions. Instead of stand-alone boxes,
designed for stand-alone issues, IBM looks at security as a systems problem.
IBM sees all of the parts of the network and security solutions as interlinked
components of an automated remediation system. The pieces work in harmony
with each other, sharing detected information and using the information
to learn about activities in the network, and then take the right laser-focused
approach to managing risk. It is similar to how the human immune system
operates, with a central nervous system correlating all the inputs from
various sources, and triggering the body as a whole to manage the risk.
Finally, by building this security platform on key components that reach
across the network, servers and desktop, we have created a system that
is adaptable and extensible to address new threats, or allow enterprises
to introduce new business applications such as VoIP or Wireless LANs,
without having to stack yet another siloed box on an already burdened
SecurityStockWatch.com: What are your key target markets and
what is your perspective on the market drivers for IBM ISS solutions at
Peter Evans: The 'sweet spot' for ISS solutions has
always been the large enterprises. These organizations, such as large
financial institutions, government and industrial customers, are typically
those with the most to lose, and therefore the first to adopt advanced
capabilities such as those found in our security solutions. In recent
years we have been expanding our offerings to address the growing need
in the small and medium business (or SMB) market, and in the carrier space.
This next generation of threats can just as easily target local businesses
as readily as multinationals. These mid-market customers are looking for
the same degree of advanced security as their larger counterparts. SMBs
realize they need to move beyond their traditional firewalls and anti-virus.
With limited resources and security skills to address the evolving threat,
many are turning to IBM preemptive solutions including IBM managed security
services to provide them the security they need.
In the carrier market, the rapid adoption of internet-enabled TV (or
IPTV), VoIP and multimedia (or IMS) services, is introducing new risks
that were not prevalent in the circuit switched world. Accordingly IBM
has been working with a number of carriers to not only protect these networks,
but also to enable "clean pipe" services, scrubbing malware
out of the traffic before it is delivered to the enterprise. This offers
the carriers the ability to deliver the productivity benefits of these
IP based networks, but also to create differentiated service value to
SecurityStockWatch.com: Are there some success stories you'd
like to talk about? Perhaps one in each of the financial, healthcare and
Peter Evans: We have numerous instances where our solutions
have protected customers from potential and real network risks. This means
everything ranging from power outages to illegally regulating water systems
to offloading customer data and everything in between. The crux of the
situation is without IBM's preemptive security solutions enterprises are
trying to protect themselves with defenses that are easily bypassed by
today's modern cyber-criminals. They believe their security infrastructure
is working when it isn't. And this creates an incredibly target-rich environment
for today's cyber-criminals.
SecurityStockWatch.com: What resources such as webinars, 'white
papers' and 'case studies' are available for end-users at IBM.com?
Peter Evans: There is a host of information available
to anyone looking for more information at ibm.com/security. Here people
can find industry specific information on securing telco or SCADA networks,
meeting PCI compliance, or secure solutions for the retail and distribution
environments, as well as specific white papers and documentation for building
a secure enterprise, alternative approaches to addressing security and
protecting data loss and leakage. Additionally, IBM provides ongoing education
through webinars and in-city seminars where subject matter experts provide
their views of specific topics. But the real gold IBM offers to your readers
is the research reports from the IBM X-Force. X-Force is the oldest and
most well known cyberthreat research organization researching the latest
threats, trends, and vulnerabilities, and publishing their findings in
quarterly and annual reports. This work is considered best-in-class in
the industry and is used by groups who fight cyber-terrorism around the
world as part of their arsenal of information.
SecurityStockWatch.com: What do you see as the major trends
CSOs and CISOs will have to deal with as we head into the end of this
Peter Evans: One of the key concerns that will emerge is how
to deal with those security issues that are outside of the control of
the CSO, but can impact and can cause risk to the business. As more DNS
servers become poisoned, online crime organizations become evermore sophisticated,
and remotely exploitable malware continues to propagate, one has to wonder
does the enterprise, or end-user even have a chance? The answer is yes,
but again, it will take a rethinking of how to address security - taking
a mental "right-angle turn." Tomorrow's security solutions must
be designed to adapt to human nature and human failure, and to use trust
models and other forms of validation and verification to manage risk,
and to do so in a fully automated way.
SecurityStockWatch.com: Thanks again for joining us today, Peter.
Are there any other subjects you'd like to discuss?
Peter Evans: At this point we have covered a broad
set of subjects; however I would invite you and the readers to continue
to watch what is happening at IBM. The security space is changing and
IBM intends to be the agent of that change and lead a revolution in how
the enterprise continues to deliver their customers value in a secured