IT organizations need access to security tools that make it easier to identify anomalies that are usually indicative of a security breach. That “brain” first works to identify the natural operational rhythms of the business. Once those are determined it becomes a lot easier to identify unusual activity, such as a system that is sending large amounts of data at irregular hours of the day.

That capability is then integrated with IBM network operations centres around the globe that work to analyse 13 billion security events a day.

Once correlated information about that potential security threat suddenly gains a lot a more context.

The fact of the matter is that most security breaches are not discovered for months, even years. And it’s usually someone outside the IT organization that discovers it. Security intelligence is about giving the internal IT organization the tools they need to identify those breaches before anyone else does.

Ultimately advances in terms of integrating security intelligence with IT operational systems and even physical infrastructure will be made. But right now it’s all about giving companies that information they need to combat cyber criminals that are not only becoming increasingly sophisticated, but also more patient in terms of the extremes they are willing to go to in order to compromise a valuable target.

Finally I would say that the concept of self-learning is already integrated in today's security analytics solutions. Machine learning and data mining techniques are the basis for advanced correlation and predictive analytics.


The increasing amount of data to be processed actually requires automated methods and tools. Actually, we want to get a step beyond "self-healing".

Self-healing implies that there was a security breach beforehand. Our research labs are working on solutions that are "secure by design" and withstand any attack.

Based on your talks with C-suite executives, what type of threat scenario keeps them awake at night?

Scan the papers any day and this new reality is crystal clear. Confidential hospital patient records wind up on the Internet. Hackers are attacking networks, and employees are losing their laptops and smartphones along with the sensitive corporate data stored on them. These are all real-world examples with real legal, financial, and brand consequences. This is the stuff that keeps CIOs and Chief Information Security Officers (CISOs) awake at night.

The reality is that the new digital world provides huge opportunities, but it also creates new risks. Cloud and mobile computing are cost-effective ways for employees to tap data anytime, anywhere, but they also open the door to losing control of that data. Globalisation means that corporate networks are more far-flung. Digitising services and customer care helps companies cater to customers, but it can also lead to exposing much more data.

Discussing security with IT executives, it is clear that companies are committed to increase their level of protection and attempt to reduce risk but are struggling to understand gaps in their protection and to control the complexity of the multitude of security solutions available.