The Masters is known for its many timeless traditions. The azaleas of Amen Corner. The Green Jacket. The pimento cheese sandwiches. But there’s also a modern twist with the way the Masters uses data as the foundation of its digital experience, enjoyed by millions around the world through the Masters website and app.

However, as with any high-profile event, it’s not uncommon for the Masters digital platform to see nearly 75 million security-related events throughout the course of the tournament. That’s why IBM and the Masters Digital team use IBM Security QRadar to monitor for potential cyber threats to help protect the digital infrastructure — and reputation — of the Masters.

From data to digital experience

The digital journey begins with every golf shot generating more than 30 distinct data points, from scores and stats to the distances and exact x, y, and z coordinates of every ball. Dozens of cameras, microphones, lasers and volunteers collaborate to collect vast amounts of information, which then moves into the Masters hybrid cloud infrastructure, gets combined with other data, is processed by AI services, and ultimately lands in the Masters app.

The app boasts a number of innovative features, including AI-generated player insights and the My Group playlist, which allows digital patrons to watch every shot, on every hole, from all their favorite players. By combining six years of historical Masters data with AI, the app uses more than 1,600 machine learning models to generate hole-by-hole predictions throughout the rounds. And IBM’s AI highlight solution measures excitement levels of more than 20,000 video clips to build the “Round in 3 Minutes” highlight reels for every player, just minutes after they complete their round.

Security at the Masters

Monitoring cyberthreats

The Masters digital platform has already seen nearly 75 million security-related events. With so many security events happening simultaneously, the ability to use automation to monitor activity in near real-time is critical. Throughout the tournament, QRadar continually monitors data transmissions and user activity for digital fingerprints and suspicious behavior that may indicate a threat. QRadar also uses its hybrid cloud monitoring capabilities to collect data from different sources and analyze it in real time for potential threats. It is essentially doing triage: monitoring all the different touchpoints and devices, and identifying the most serious threats.

QRadar Advisor with Watson then cross-references that data with both internal and external threat intelligence databases, such as IBM’s own X-Force Exchange. It looks for correlations between activity on the Masters platform and security activity elsewhere in the world. It uses natural language processing to read online security information, from blogs to internet chatter, both before and during the event. By examining any online fingerprints from known attackers, Watson looks for indicators of compromise, which help pinpoint vulnerabilities and help predict the likelihood of an attack.

Mitigating threats on and off the green

With an event the size of the Masters, cybersecurity professionals can’t efficiently focus on every single potential security-related event. QRadar provides a cognitive analysis of the events and then prioritizes which events the security team should focus on. Additionally, the analysts receive details about the best way to respond.

After identifying a potential attack, the cybersecurity team can apply the suggested mitigation actions to address the threat quickly, helping reduce the risk of a cybersecurity incident disrupting the digital experience. With QRadar's built-in playbooks, the security team is positioned to track what has happened so they can escalate quickly, even when under intense pressure.

The Masters wants patrons to stay focused on the course and the players. And with the help of IBM QRadar, that’s exactly what they can do.
