Tag Archives: IBM

Mitie appoints Karen Thomas-Bland as programme integration director to oversee Interserve division merger

Mitie Group plc has announced that Karen Thomas-Bland will take up a newly-created role as programme integration director for Mitie’s merger with Interserve’s Facilities Management division. Thomas-Bland will now join Mitie’s executive leadership team reporting directly to CEO Phil Bentley.

The acquisition, the detail of which was announced on 25 June, is expected to close in the fourth quarter of 2020, subject to shareholder approval. Together, the combined companies will accelerate the delivery of Mitie’s long-term technology-led FM vision, creating the UK’s largest FM company with over 77,500 employees.

Thomas-Bland started her career in strategic consulting before moving to IBM. Over the past ten years, she has led numerous integration projects for large companies including Microsoft, the National Grid, Accenture and, recently, Reed Elsevier/RELX.

Karen Thomas-Bland

Karen Thomas-Bland

On the appointment, Phil Bentley stated: “I’m delighted to welcome Karen to Mitie. The integration of Interserve’s Facilities Management division is an opportunity for us to create a new company with a strong culture. Her wealth of experience will be invaluable at this transformative time. We’re determined to create a true UK FM champion to help Britain back to business in a post-COVID-19 world and Karen’s appointment is a key step forward in achieving that ambition.”

Thomas-Bland responded: “With the opportunity to bring Interserve’s Facilities Management division and Mitie together, I’m very excited to be joining at such a pivotal time. I’m looking forward to leading an integration team which will bring together the best of both Mitie and Interserve to create an unparalleled FM partner to UK business.”

Leave a comment

Filed under Security Matters

BCI European Awards 2017: Shortlist of finalists announced

The Business Continuity Institute (BCI) is pleased to announce the shortlist for the 2017 BCI European Awards. Some of the most outstanding business continuity and resilience professionals and organisations have made it to the final stage.

BCIEuropeanAwards

Continuity and Resilience Consultant 2017

Alberto Mattia (Panta Ray)
Petra Morrison (Daisy Group)
Werner Verlinden (Musena Consulting)

Most Effective Recovery 2017

BPER Banca
IBM
West Yorkshire Fire & Rescue

Continuity and Resilience Innovation 2017

Barclays Group Resilience
Crises Control
Everbridge

Continuity and Resilience Newcomer 2017

Elodie Huet (Arup)
Linda McAllorum (MUFG Investor Services)
Patrick Teves (Nestle Deutschland AG)
Timothy Dalby-Walsh (Needhams 1834)
Tinne Dewolf (Goffin Consulting)

Continuity and Resilience Professional (Private Sector) 2017

Joseph McClean (Ulster Bank)
Ken Clark (ARM)
Rob van den Eijnden (Philips)
Sarah Armstrong-Smith (Fujitsu)

Continuity and Resilience Professional (Public Sector) 2017

Carl Mayfield (Milton Keynes Council)
Rina Singh (NHS Professionals)
Russ Parramore (South Yorkshire Fire & Rescue)

Continuity and Resilience Provider (Service/Product) 2017

Alert Cascade
Business Continuity Training
ClearView Continuity
Send Word Now
Sungard Availability Services

Continuity and Resilience Team 2017

Aon
BT
Chief Fire Officers Association
Marks & Spencer

Sponsored by Sungard Availability Services, the BCI’s European Awards Gala Dinner and Ceremony takes place at The Principal Hotel in Edinburgh on Thursday 11 May. The awards will be presented by David Thorp, the BCI’s executive director.

Tickets to the event include reception drinks, a three-course meal with fine wines and the awards ceremony. Individual tickets costs £75.00 +VAT. Tables of ten are priced at £675 +VAT.

*To book your tickets for this event click here

Leave a comment

Filed under Risk UK News, Uncategorized

Genetec introduces new subscription-based ownership model for Security Center

Genetec, a leading provider of open architecture, unified IP security solutions, has announced a new subscription model for its flagship unified security platform designated Genetec Security Center.

Security Center Subscription introduces new flexible ownership and payment options that allow customers to gain access to Security Center on a ‘pay-as-you-go’ basis. Subscribing customers receive the same local, on-premises version of Security Center and pay for it on a monthly or annual basis, as opposed to purchasing the entire system up front.

When purchasing on subscription, customers also benefit from the Genetec online support resources and qualified support professionals’ expertise either by phone or through live chat, as well as access to Security Center Cloud services with risk-free trials included in the price.

Security Center Subscription is available immediately through the new Genetec self-service portal.

GenetecSecurityCenter

Changing business model

A recent Gartner industry report noted that, by 2020, more than 80% of software vendors will change their business model from traditional license and maintenance to subscription, regardless of whether the software resides on-premises or in the cloud.

Along with the flexibility and affordability of a subscription model, the Gartner report finds that the value of short-term predictability trumps long-term costs, particularly when the ease of adding or relinquishing licenses is included in the picture.

The subscription model also moves the purchases from capital expenditure (CAPEX) to operational expenditure (OPEX). This enables customers who are looking to upgrade their systems to Security Center to do so from operational budgets allocated to their older, less capable security software.

“In the past few years, companies like Adobe, IBM, Oracle, Netflix and many other software companies have adopted flexible buying models with impressive success, offered as Technology-as-a-Service via the cloud or as a traditional on-premises installation with monthly or annual renewals,” said Andrew Elvish, vice-president of product management and marketing at Genetec.

“Genetec is leading the way in the physical security industry by offering customers an alternative ownership option for our successful video surveillance platform. Not only will customers enjoy the same fully-featured version of Security Center, but they will do so with lower up front expenditures, predicable recurring costs and access to the latest releases and Genetec support resources, all at no additional charge.”

Introducing Security Center Compact

As part of its new subscription model, Genetec is introducing Security Center Compact, a new entry-level edition of Security Center.

Only available through subscription, Security Center Compact supports up to 25 cameras and provides an easy ‘no training required’ option for customers with basic video management requirements.

A good fit for smaller sites, Security Center Compact systems can also be linked to larger systems through the Genetec Federation feature, allowing for centralised monitoring (as seen with city-wide surveillance and multi-site businesses or campuses).

The Compact edition features all of the camera integrations available in the enterprise edition of the software such that customers can choose the vendors they want to work with and design a system that best suits their business.

In addition to providing smaller site video surveillance, Security Center Compact offers a clear path as an organisation’s security needs evolve over time. Security Center Compact end users can simply update their subscription and purchase a higher edition of Security Center as their system grows, in turn avoiding the need to install and/or re-deploy new system software.

Introductory 90-Day Trial for Compact Edition

Beginning this month, Genetec-certified channel partners can sign up for a 90-day trial of Security Center Compact. To take advantage of this limited-time promotion, channel partners should visit the Genetec Channel Partner Portal for an instant download.

*For more information about Genetec Security Center Subscription and Genetec Security Center Compact visit: http://www.genetec.com/subscribe

Leave a comment

Filed under Risk UK News, Uncategorized

Vanderbilt builds on security market success with duo of senior management appointments

Vanderbilt International, the state-of-the-art security systems developer, has strengthened its senior management team with two key appointments. Peter Mueller has joined the company as its new Chief Information Officer (CIO) and executive committee member, while Rickard Hammarberg will take on the role of sales hub head for Sweden.

Mueller’s impressive career spans over 30 years in business, where he was a management consultant for international blue chip companies including Deloitte, Arthur D Little and IBM. A graduate of the University of Münster, for the last seven years he has served as Professor in MBA Programs at the Ho Chi Minh University of Technology and Adjunct Professor at Beijing Normal University as well as being a visiting Professor at universities throughout India.

Mueller will now facilitate a strong alignment with Vanderbilt’s Information Technology, business and management functions.

Commenting on his new role, Mueller told Risk UK: “As CIO, I’m looking forward to identifying areas where we can use technology to make our overall operation more efficient and cost-effective and improve the service we offer to our ever-growing customer base. This will ensure that we maximise our competitive potential in what is a highly competitive market, while at the same time delivering value and adapting to changing working practices such as remote working.”

Peter Mueller

Peter Mueller

For his part, Rickard Hammarberg brings a wealth of experience to Vanderbilt gained over 20 years of working in the security industry, during which time he has amassed considerable knowledge about the technology and trends within the CCTV and access control sectors.

His previous positions include a variety of national and international roles, among them a two-year stint in the UK as team leader at Bewator. Hammarberg’s most recent position was regional sales manager for the Nordics at Lenel Systems International. He has also worked for BIAB Larm and YIT Sweden.

Hammarberg is now tasked with increasing the company’s profile in Sweden and the wider Nordic region, as well as setting the strategic business plan and sales strategy to build the brand and develop long-term relationships with its customers.

He commented: “I’m convinced that Vanderbilt’s ranges of access control, intrusion alarm and video surveillance products offer unrivalled levels of performance, flexibility and user-friendliness. This all makes them perfect for the Swedish market, and I’m now looking forward to playing my part in the company’s growth strategy and taking myself and my team to new levels of success.”

Welcoming Mueller and Hammarberg on board, Joseph Grillo (Vanderbilt’s managing director) stated: “Since acquiring Security Products from Siemens in April 2015, Vanderbilt has reinforced its position as a global leader in state-of-the-art security systems. Having Peter and Rickard on our senior management team will really help us in our mission to expand our presence in the security business sector and provide a level of service that’s agile, flexible and always meets our customers’ needs.”

Leave a comment

Filed under Risk UK News

BSI publishes BS ISO 37500: Guidance on Outsourcing

BSI – the business standards company – has published BS ISO 37500: Guidance on Outsourcing, the first overarching ISO standard to set out the generic principles and procedures of outsourcing and assist businesses in accessing a common vocabulary on which to base their communications.

The value of outsourcing has already been noted by those organisations who want to increase efficiencies and reduce costs by contracting work to external third parties. This practice – which encourages mutually beneficial collaborative working relationships – has grown over the past 20 years and is estimated to generate revenues in the region of trillions of US dollars per annum.

Nevertheless, there are challenges and hazards to be encountered. Not all outsourcing deals are a success. Some can fail dramatically – and publicly – while others simply fail to perform well.

BSI ISO 37500 can help organisations boost their business efficiency, gain better value and help avoid costly mishaps. It can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing.

In particular, it will help organisations to identify the business case for outsourcing, select the most appropriate customer or provider partner, transition to the new operating model and deliver value through the relationship.

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BS ISO 37500 can assist and support customers, service providers and third party advisors (such as lawyers and consultants) involved in outsourcing

BSI ISO 37500 is relevant to all markets including manufacturing, retail, financial services, the public sector and facilities management.

Dan Palmer, head of market development for manufacturing and services at BSI, explained: “Outsourcing can apply to any business in any industry and in any location. By providing common practices, concepts and procedures that can be used to manage the outsourcing life cycle, BS ISO 37500 will improve the understanding of everyone involved in the process and lead to greater success.”

Benefits of BS ISO 37500

• Improved operability by harmonising communications between organisations engaged in – or in the process of engaging in – outsourcing in national and international markets
• Includes the terminology, concepts and procedures to improve the understanding of all parties involved in outsourcing
• Uses a common vocabulary for outsourcing communications, avoiding misunderstandings and incorrect and/or unrealistic expectations and reducing transaction costs
• Boosts business efficiency which will benefit everyone involved in the process

The international standard was developed by experts from countries including Canada, Germany, India, Malaysia, Netherlands and the UK. Additional UK input came from organisations including AEGON, BP, CapitalOne, DWF, Gartners, IBM, the National Outsourcing Association and PwC.

Adrian Quayle, chairman of the ISO Committee which developed the standard, added: “The benefits of using a standard such as BS ISO 37500 are clear. It provides the cornerstones of what businesses need to get right when they’re outsourcing. The application of this guidance provides all parties involved in outsourcing activities across the life-cycle with the assurance that business objectives can be achieved by using common governance and processes.”

Leave a comment

Filed under Risk UK News

IBM launches new software and consulting services to help organisations tackle $3.5 trillion lost annually to fraud and financial crime

IBM has introduced new software and services to help organisations use Big Data and Analytics to address the $3.5 trillion lost each year to fraud and financial crimes. Through sophisticated business expertise and analytics, organisations can adopt an holistic approach to address the financial losses caused by fraud while at the same time protecting the value of their brands.

As part of today’s news, IBM has launched its ‘Smarter Counter Fraud’ initiative, drawing on the expertise and innovation from more than 500 fraud consulting experts, 290 fraud-related research patents and $24 billion invested in IBM’s Big Data and Analytics software and services capabilities since 2005.

The initiative actively extends IBM’s leadership in Big Data and analytics and Cloud to help public and private organisations prevent, identify and investigate fraudulent activities.

Today’s announcement comes at a time when a new generation of criminals are using digital channels – such as mobile devices, social networks and cloud platforms – to probe for weaknesses and vulnerabilities.

The pace of this threat continues to accelerate. Identity fraud impacted more than 12 million individuals in 2012, resulting in the theft of nearly $21 billion. Each day, the US healthcare industry loses $650 million due to fraudulent claims and payments.

IBM's Counter Fraud Infographic

IBM’s Counter Fraud Infographic

Holistic approaches to countering fraud

To address these complexities, IBM is delivering new software that allows organisations to gain better visibility and take a more proactive, holistic approach to countering fraud. This includes the ability to aggregate Big Data across a variety of internal and external sources – including mobile, social and online – and apply sophisticated analytics that continuously monitor for fraudulent indicators.

The new offerings feature advanced analytics that understand non-obvious relationships and co-occurences between entities, new enhanced visualisation technologies that can identify and connect fraudulent patterns closer to point of operation and machine learning to help prevent future occurrences based on previous attacks and behaviors.

Leading analysts estimate that market demand for fraud and risk solutions is quickly accelerating. According to Gartner*, 25% of large global companies will have adopted Big Data analytics for at least one security or fraud detection use case, up from 8% today, and will achieve a positive return on investment within the first six months of implementation by 2016.

IDC estimates that the market for financial crime solutions alone will be nearly $4.7 billion in 2014, with a 5.5% CAGR over the 2014-2017 forecast period**.

Adapting to emerging threats

“With today’s news, IBM is applying many of the same tactics, techniques and procedures used by the intelligence and law enforcement communities to help commercial organisations take a holistic view of this growing and pervasive threat,” said Robert Griffin, vice-president of IBM Counter Fraud Solutions.

“These technologies allow line of business leaders to quickly adapt to emerging threats across the entire organisation. Our new initiative puts Big Data and analytics into the hands of those tasked with defending their organisations from financial losses, protecting the brand and delivering exceptional customer service.”

IBM is unique in its ability to combine market-leading software, services and research capabilities to address the full spectrum of fraud and financial crimes – from tax evasion, money laundering and cyber attacks to threats from inside the organisation. For example, the new offerings can detect cross-channel mobile fraud and prevent cyber crime enablers like phishing scams. They can enable an insurance company to review thousands of claims in real-time to flag potentially fraudulent activity while processing legitimate claims faster, or help a global bank more accurately detect and investigate money laundering activities to meet regulatory compliance.

Details of the new software and services

IBM’s new counter fraud portfolio builds on the company’s unmatched R&D investments and the recent acquisitions of Cognos, i2, SPSS, Q1 Labs, Trusteer and SoftLayer.

The new software and services include:

Counter Fraud Management Software
A single offering that brings together IBM’s Big Data and analytics capabilities to help organisations aggregate data from external and internal sources and apply sophisticated analytics to prevent, identify and investigate suspicious activity.

It includes analytics that understand non-obvious relationships between entities, visualisation technology that identifies larger patterns of fraud and machine learning to help prevent future occurrence based on previous attacks.

To enhance these capabilities as new threats emerge, IBM has also launched a new counter fraud intelligence task force – IBM Red Cell – that will work in tandem with the IBM X-Force unit to continuously research trends, develop strategies and deliver enhancements to the software and services R&D Team.

Counter fraud service offerings
Industry-aligned services that combine IBM’s consulting, software and technology expertise to help clients improve their counter fraud programs, including:

· Outcome-based Accelerators: Evaluate an organisation’s counter fraud capabilities and provide rapid prototyping to demonstrate business value for enterprise-wide protection.

· Target Operating Model: Design organisational constructs, operational governance and technology architecture to better detect to fraud and respond and investigate exposures.

· Scale and Manage: Fast implementation of strategies and technological dimensions to customise and run counter fraud programs tailored for each client.

Fraud discovery assets
A portfolio of customisable, research-developed assets that use analytics to discover fraud, waste, abuse and errors in data intensive industries and functions. These assets analyse an organisation’s internal data to measure behaviour and then compare the results within specific peer groups to identify anomalies that indicate suspicious activity.

Based on the results, an investigation recommendation is made.

The assets are available across industries for enterprise-wide discovery. The fraud discovery assets will be available in the cloud, enabled by IBM SoftLayer, with focus on the following areas:

· Medical Fraud: Discovers fraud during provider, beneficiary and internal employee profiling using IBM’s Fraud Asset Management System (FAMS).

· Insurance Claim Fraud: Enables insurers to detect suspicious activity for claims submitted by vendors, brokers and individuals using IBM’s Loss Analysis and Warning System (LAWS).

· Public Tax Fraud: Empowers Governments to address tax gaps by uncovering tax evasion activities and filing inaccuracies using IBM’s Tax and Audit Compliance System (TACS).

· Occupational Fraud: Helps organisations discover fraud for accounts payable, travel and expense claims and other fraud committed by employees.

Counter fraud as a service
IBM will offer four levels of counter fraud capabilities as a service – including Hosting, Application Management, Behaviour Modelling and Scoring and Analytics and Referral Generation – that use a subscription-based model to give clients flexible choices that match their business needs and technical requirements.

IBM’s Counter Fraud Center of Competency gives clients global access to expertise including fraud industry experts, advanced analytic capabilities and technical implementation services.

London Borough of Camden: Case Study

IBM has a long history of working with hundreds of counter fraud clients such as the London Borough of Camden in the UK, which is using IBM Big Data and Analytics technology to streamline processes, improve services, reduce tax fraud and increase revenue.

Working with IBM, Camden has been able to create a ‘Residents’ Index’, in turn uniting information from multiple services to create a single, consistent view of all resident data (including the services they’re accessing).

“Information we once considered unobtainable is now within our grasp,” said Hilary Simpson, head of ICT business partnering at the London Borough of Camden. “We have identified at least a dozen specific examples where a Residents’ Index based on IBM Big Data and Analytics technology can help us. We have estimated that the solution could help to cut single person council tax discount fraud by 5%, potentially delivering major savings for our borough.”

For more information about IBM’s Smarter Counter Fraud initiative, visit: http://www.ibm.com/smartercounterfraud

Follow the conversation on Twitter at #counterfraud

Notes

*Source: Gartner Report ‘Reality Check on Big Data Analytics for Cyber Security and Fraud’ (January 2014)

**Source: IDC Financial Insights ‘Pivot Table: Worldwide IT Spending 2013–2017 — Worldwide Risk IT Spending Guide, 1H13, Doc # FIN240400’ (March 2013)

Leave a comment

Filed under IFSECGlobal.com News

BCI Report: ‘Counting the cost of ineffective business continuity’

Coinciding with Business Continuity Awareness Week 2014 (which runs from 17-21 March), The Business Continuity Institute has published an excellent and detailed report designed to highlight the cost of common threats (such as IT and telecommunications outages, data breaches, cyber attacks and adverse weather conditions) to organisations.

Entitled: ‘Counting The Cost: a meta analysis of the cost of ineffective business continuity’, the report demonstrates why it’s so important for organisations to have a business continuity plan in place that can help prevent a drama from becoming a crisis.

As highlighted by the new report, an effective business continuity management programme can spell the difference between organisational resilience and financial ruin.

Put simply, a single incident can cost an organisation millions of pounds and rapidly demolish its reputation.

Key findings of the new report

Some key findings contained within the BCI’s latest report are as follows:

• According to a recent IBM study on professionals dependent on high-availability IT, the cost of an IT/telecommunications outage can vary from US$1.04 million to US$14.25 million over 24 months. On average, minor incidents cost US$53,210 per minute of downtime. Further losses due to reputation-related costs can add up to US$5.27 million for substantial incidents.

• Analysis by The Ponemon Institute reveals that the average cost of data breach and cyber attacks stands at an average of US$11.6 million on an annual basis. Organisations report costs ranging from US$1.3 million to US$58 million to resolve these incidents. Case Studies reveal staggering losses of up to US$4 billion due to severe incidents of data breach and cyber attack.

• A Munich Re report shows that combined household and corporate insurance payouts for weather-related damage in the United States alone cost US$12.8 billion in 2013. Extreme weather phenomena have increased the severity of damage and value of insurance claims.

Business Continuity Awareness Week 2014 runs from 17-21 March

Business Continuity Awareness Week 2014 runs from 17-21 March

Business continuity: a focus for everyone

Patrick Alcantara, research associate at the BCI and author of the report, commented: “The aim of the report is drive home the message that business continuity is not the sole domain of an organisation’s business continuity specialist. Ensuring an effective, robust business continuity programme is also the responsibility of management, budget holders and the rest of the staff.”

Alcantara added: “At a time where cutting budgets is the norm, it’s important to be reminded of the cost of being caught flat-footed in an incident. The false economy created by cutting down on business continuity may create bigger problems that may impact on both organisational resilience and viability.”

Copies of ‘Counting The Cost: a meta analysis of the cost of ineffective business continuity’ can be obtained by visiting the BCI’s website.

Notes
It’s important to note that, as the figures are rough estimates of the actual cost of disruption, organisations are highly encouraged to think about their specific context in order to arrive at more appropriate data.

The ultimate aim is to start a conversation among organisations and budget holders using readily understood and comparable data in order to maintain business continuity investment.

Leave a comment

Filed under IFSECGlobal.com News

AT&T and IBM simplify cyber security management through new joint venture

AT&T* and IBM have announced a new strategic relationship to give businesses a simplified, single-source for network security and threat management.

The two companies will offer business customers a new joint service combining security network infrastructure with advanced threat monitoring and analytics. The new service is initilly available in the US with plans for global expansion.

Cyber threats have become a Boardroom agenda with the potential to bring down an organisation’s network, create compliance issues, damage bottom lines and impact brand reputation.

Additionally, disparate security technologies create ‘security silos’ and can increase the cost and complexity of security management, making it almost impossible to uniformly monitor security threats across IT environments.

The new service from AT&T and IBM will help businesses address these challenges with a highly secure network infrastructure, analytics and the optimal blend of on-premise and next generation cloud-managed security capabilities.

AT&T and IBM will improve the management of these capabilities with the following customer benefits:
• Reduced costs and minimised complexities
• Advanced visibility with intelligence and control across diverse IT environments
• Simplified infrastructure with less need for security hardware, licenses and maintenance

Specifics of the joint offer

Individually, AT&T and IBM boast world class IT security data monitoring operations, each generating advanced security threat intelligence from the billions of security events they track each day.

Together, the companies will create a combined security intelligence source and analytics capability that will be “unmatched” in the industry.

The new offering is comprised of proven solutions from AT&T and IBM. Specific elements of the new offering include Network Security Infrastructure and Managed Security Services from AT&T, including network-based firewall, IDS/IPS, web filtering, secure e-mail gateway and distributed denial of service (DDoS) protection services for security devices managed on premise or in the AT&T cloud.

IBM capabilities include IBM Network Security Consulting to assess and transform network security, IBM Security Monitoring and Threat Intelligence for faster threat detection and response and IBM Emergency Response Services for around-the-clock security expert support in responding to sophisticated attacks and helping remediate them.

“With today’s constantly changing threat environment, companies need cost-effective solutions that provide end-to-end protection alongside real-time monitoring and response operations,” said Andy Daudelin, vice-president (security services) at AT&T Business Solutions. “We’ve created an unparalleled solution with the combined strength, reliability and agility of AT&T network-based security services and IBM threat intelligence and analytics.”

Kris Lovejoy – general manager for IBM Security Services – added: “Organizations are finding great benefits with hybrid IT strategies that blend mobile, cloud-based and on-premise IT resources. However, securing these infrastructures can be complicated without a single, integrated management system that avoids creating silos of security data making it almost impossible to uniformly monitor security threats across environments. IBM and AT&T have come together to offer unprecedented security services designed to break down those silos and better secure data no matter where it resides.”

“This is an advantageous combination of industry-leading network-based security, consulting, and analytics,” commented Christina Richmond, program director for infrastructure security at IDC.

“AT&T and IBM are meeting a real market need with a robust end-to-end security solution that provides enterprise customers with both integration and simplicity.”

Note: *AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc.

Leave a comment

Filed under IFSECGlobal.com News

IBM unveils security forensics capabilities to help protect critical data

New analytics and automation will assist any IT security team in quickly identifying and then defending against hidden threats.

IBM has announced a powerful appliance for helping organisations diagnose and defend their critical data and enterprise networks against sophisticated external attacks and unauthorised insider activities.

Since 2010, the IBM X-Force Trend and Risk Report has been reporting on the alarming rate of how cyber attacks continue to occur.

As data breaches impact organisations, the need to reduce detection time and investigate these threats before they can significantly impact the business is critical.

Cyber criminals often gain access to a corporate network weeks or months before actual data is compromised. According to the IBM X-Force Threat Intelligence Quarterly, to be released next week, in 2013 more than half a billion records of personally identifiable information were leaked through a number of attacks against strategic targets.

By detecting malicious activity much earlier, organisations can more quickly stop or reduce the potential loss of data.

IBM Security QRadar Incident Forensics: the detail

IBM Security QRadar Incident Forensics, a new software product designed as a module for the QRadar Security Intelligence Platform, can help security teams retrace the step-by-step actions of sophisticated cyber criminals.

By adding this forensics capture and search module to its QRadar Security Intelligence platform, IBM can further strengthen its clients’ abilities to efficiently investigate security incidents and understand the impact of any suspicious activity.

QRadar Incident Forensics provides a record of activity on the network, in turn enabling organisations to retrace suspicious activity, provide alerts to growing concerns and offer forensics search capabilities.

“Every breach is a race against time,” said Brendan Hannigan, general manager of IBM Security Systems. “This new forensics module expands the breadth and depth of IBM’s security intelligence capabilities. QRadar Incident Forensics further helps IT staff prevent emerging threats and better determine the impact of any intrusion.”

IBM Security QRadar Incident Forensics will help any member of an IT security team quickly and efficiently research security incidents or test for conditions associated with an observed attack pattern from an Internet threat intelligence feed such as X-Force.

By using this guidance, security teams can avoid spending valuable time searching through petabytes of network traffic, and potentially discovering nothing of immediate value. With QRadar, security analysts can quickly collect security data related to an incident.

Further announcements in Q2 2014

This solution is just one of IBM’s new initiatives aimed at expanding its security intelligence capabilities. In the second quarter of 2014, IBM will introduce new capabilities to help organisations better understand the threat landscape.

IBM Advanced Cyberthreat Intelligence Service will provide customers with insight into the threat landscape, targeted attacks and attacker tools, tactics and practices, incorporating IBM’s own research with that of strategic partners specialising in threat visibility.

Additionally, IBM’s Active Threat Assessment complements this ongoing threat intelligence and visibility. It leverages technical assessment capabilities and Best of Breed tools to identify previously unrealised active threats while also modeling threats to unmitigated vulnerabilities in an enterprise environment.

IBM Security QRadar Incident Forensics, which is currently planned to be available in the second quarter of 2014, is an integrated module in IBM’s QRadar Security Intelligence platform.

Also part of this announcement, IBM is now allowing existing QRadar clients to test this solution as part of a beta program.

About IBM Security

IBM’s security portfolio provides the security intelligence to help organisations holistically protect their people, data, applications and infrastructure.

IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next generation intrusion protection and more.

The company operates one of the world’s broadest security research, development and delivery organizations, monitoring 15 billion security events per day in more than 130 countries and holding more than 3,000 security patents.

For more information on IBM security visit: http://www.ibm.com/security

Leave a comment

Filed under IFSECGlobal.com News

IBM: ‘Advancing Cyber Security Education for the Next Generation’

In a world of increasing information security threats, academic initiatives focused on cybersecurity are proliferating and yet there is still the danger of falling short in addressing the long-term threat. Here, IBM argues that only by working in concert can organisations meet today’s demand while educating the next generation to create a more secure future.

The number of cyber security academic programs around the world – whether called information assurance, security engineering or information security – has increased significantly over the past decade. One reason for this growth is the very strong demand from industry and Government for trained professionals as both groups are facing a significant skills gap.

In fact, over half of industry respondents in a recent survey by industry group (ISC)2 said that they had too few information security workers on their staff. A UK Government report suggests that it may take 20 years to address current and future information and communications technology (ICT) and cyber security skills gaps.

To rectify this situation, Governments have launched a number of programs, working with industry and academia, to encourage more professionals to enter the cyber security field.

In the United States, over 160 academic programs have been certified as National Security Agency/Department of Homeland Security National Centers of Academic Excellence in Information Assurance.

Meeting the demands of tomorrow

Only by working in concert can organisations, Governments, industry and the academic community meet today’s demand while preparing a new generation of professionals for future challenges.

The key question is: what needs to be done next?

Bridging the Cyber Security Skills Gap

Academic programs must strive to balance the near-term requirements of industry and Government while educating future faculty members and researchers, developing more internships and fellowships and continuing investments in research.

The following are the key initiatives of prime importance in the development of cyber security education…

1. Increase awareness and expertise
Raise the level of awareness across the academic community. Cyber security is no longer a hidden area embedded in computer science or engineering disciplines. Programs need to graduate more computer scientists and engineers with hands-on training and the ability to design and develop secure systems from the start.

2. Treat security education as a global issue
Cyber security issues know no boundaries. Institutions need to share and collaborate with other programs around the world. Academics from more mature countries should increase their formal collaboration with those in emerging countries to help address the skills gap. Such initiatives could include distance learning programs and the sharing of curriculum and Best Practice among educators.

3. Approach security comprehensively, linking technical to non-technical fields
Adopt a curriculum that has an holistic and interdisciplinary approach. Security education should cover infrastructure, people, data, applications, ethics, policy and legal issues. Business and public policy schools should focus on creating better security policy and governance and training future information security leaders, such as Chief Information Security Officers.

4. Seek innovative ways to fund labs and pursue real-world projects
Resources may always be tough to come by. Industry, Government and academia must come up with novel ways to give students practical experience. Providing internships and design contests are one way to overcome this challenge. Other alternatives include cloud-based or virtualised ranges, simulators and test beds.

5. Advance a ‘Science of Security’
Place emphasis on the creation of a discipline of security science with fundamental concepts and a common vocabulary. This new science should focus on anticipating security problems, not just reacting to attacks. It must include scientific methodologies and incorporate ‘reproducibility’ and proofs in the design of security systems.

Now is the time to act

These recommendations offer ways in which to make cyber security education more effective in the short and the long term. By breaking down barriers and working in concert, it’s possible to better address current and emerging challenges.

The cyber security community must maintain the current level of enthusiasm and effort in the field while keeping an eye on longer-term goals.

The academic community will achieve more by collaborating broadly. Governments must invest in programs that advance the science behind cyber security, along with fundamental education in science, technology, engineering and mathematics.

At the same time, industry must provide technology, opportunity and expertise.

It will take all of us to create a more secure future.

Leave a comment

Filed under IFSECGlobal.com News