Throughout the US Open Tennis Championship, the infrastructure for USOpen.org and the mobile apps can see upwards of 3 million security events. While the vast majority of events are not serious, security analysts must quickly determine which are concerning to take immediate action. However, with such a large volume and variety of data, security analysts need to know where to focus their attention.
As the host of the digital platforms and official digital innovation partner for the US Open Tennis Championship over the past three decades, IBM maintains and secures the platforms. The 256 singles players on the court in the main draws, 850,000 spectators in the stands and 13 million fans watching at home are counting on IBM to ensure that a cybersecurity attack does not interrupt the premier tennis tournament.
Securing data and infrastructure
Every year, IBM iX, the experience design arm of IBM Consulting™, partners with the U.S. Tennis Association to create an exceptional experience. By using hybrid cloud technology and artificial intelligence (AI), IBM turns large amounts of data — from every shot on the court to player statistics — into insights that help fans feel more a part of the experience and increase their knowledge of the game.
IBM helps the US Open provide two key insights to fans via IBM Power Index and Match Insights with Watson. IBM Power Index uses 25 factors to quantify player momentum, including player performance factors such as win-loss ratio, win margin, rank differential, court surface, injury status, number and level of tournaments played, and round progression. Match Insights with Watson uses natural language processing, AI and statistical analysis to create fact sheets for each singles match. Spectators both in the stands and at home can then understand why a specific player is predicted to win and which Win Factors contributed to that prediction.
However, providing these critical experiences does not happen with a single tool and network. The IBM team uses multiple environments, data types, devices, clouds and platforms to collect, analyze and report the vast amounts of data. A security incident can occur in any of these areas and disrupt the tournament experience. Throughout the US Open, the IBM team prioritizes cybersecurity with its world-class team and latest technology.
Determining the most urgent security issues
IBM turns to its IBM Security QRadar platform to guard the entire US Open technology environment — including endpoints, networks and cloud platforms. The cloud-based interface makes it easy for the security team, which is spread around the globe, to see real-time data on what is happening on the court as well as in the infrastructure. QRadar helps security teams detect, prioritize and respond to threats across the enterprise.
When IBM Security QRadar detects a threat, it flags the issue, assesses it based on parameters such as threat type and magnitude, and then assigns a threat level. The security analysts then automate the management of these threats. For example, an incident reported on the mobile app may simply be a cybercriminal looking for cracks in the armor and be assigned a level 3 threat. IBM Security QRadar prioritizes the security event accordingly and does not take up analysts’ valuable time if it is deemed inconsequential. However, if the platform suspects stolen credentials, then it assigns a level 10 threat, and security analysts are immediately notified.
Detection in action
So what does it actually look like when security analysts are sniffing and sussing out threats with QRadar?
Recently, the security team had been hit with an increasing volume of established and fly-by-night wannabe penetration testing scanners of the freelance variety. The US Open was no exception, experiencing scans from all the usual suspects and a handful of new ones, including a popular capture and statistical analysis organization.
Traditionally, the analysts had ignored these. They wouldn’t try to exploit anything; they would simply scan fervently, looking for open services. That was until a day after the US Open officially kicked off.
One security architect noticed a huge spike in scanning, topping out at nearly 1,500 events within a minute and a half. Something seemed off. When he dug deeper, he found that contained within the larger spike was a smaller one, specifically targeting Trivial File Transfer Protocol (TFTP) exploits.
The exploit attempts were timed so precisely that they were concealed within the scan, so he figured the two had to be coordinated. The scan came from the capture and statistical analysis site, but the exploit attempt came from another IP. It belonged to a VPS service, offering virtual machines for use.
Upon further investigation, he found more similarities. Both had the same cipher specs on the SSH port and both were running ZeroMQ, a brokerless message controller, on port 9002. It was too much of a coincidence.
As a result, the architect blocked the statistical analysis organization, to help lessen the number of US-based attacks against the US Open. Ultimately, QRadar allowed the analyst to dig into oddities to discover the truth.
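The correlation the architect made by hand, a small TFTP-directed burst from one source sitting entirely inside a large scan burst from another, can be sketched as detection logic. This is an added example, not code from the article, IBM or QRadar; the event tuple layout, the 1,000-event threshold and the documentation-range IP addresses are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

WINDOW = 90        # seconds; the spike described above lasted about a minute and a half
BURST_MIN = 1000   # assumed threshold for a "huge spike"; tune per environment
TFTP_PORT = 69     # TFTP's well-known UDP port

def make_sample_events():
    """Constructed events: (epoch_seconds, src_ip, proto, dst_port)."""
    scanner, vps, other = "198.51.100.10", "203.0.113.77", "192.0.2.5"
    events = [(1000 + (i * 90) // 1480, scanner, "tcp", 1 + i % 1024) for i in range(1480)]
    events += [(1040 + i, vps, "udp", TFTP_PORT) for i in range(20)]       # hidden in the scan
    events += [(400 + i * 30, other, "udp", TFTP_PORT) for i in range(5)]  # unrelated, earlier
    return events

def find_bursts(events, window=WINDOW, burst_min=BURST_MIN):
    """Return {src: (start, end)} for the densest window of each source that bursts."""
    by_src = defaultdict(list)
    for ts, src, _proto, _port in events:
        by_src[src].append(ts)
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        best, lo = (0, 0, 0), 0                 # (count, start, end)
        for hi, ts in enumerate(times):
            while ts - times[lo] > window:      # slide the window's left edge forward
                lo += 1
            best = max(best, (hi - lo + 1, times[lo], ts))
        if best[0] >= burst_min:
            bursts[src] = best[1:]
    return bursts

def nested_sources(events, bursts, port=TFTP_PORT):
    """Other sources whose traffic to `port` falls entirely inside a scan burst."""
    hits = []
    for scan_src, (start, end) in bursts.items():
        per_src = defaultdict(list)
        for ts, src, _proto, dport in events:
            if src != scan_src and dport == port:
                per_src[src].append(ts)
        for src, times in per_src.items():
            if start <= min(times) and max(times) <= end:
                hits.append((scan_src, src, len(times)))
    return hits

if __name__ == "__main__":
    ev = make_sample_events()
    print(nested_sources(ev, find_bursts(ev)))
```

A hit here is only a lead: the architect confirmed the link by comparing host fingerprints (SSH cipher specs and the service on port 9002) before blocking.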
Providing remediation insights for security events
It’s clear from the example above that, with time of the essence and the entire tennis world watching, the security analysts must quickly and effectively manage threats that IBM Security QRadar determines are severe. Another tool used to help analysts act fast is IBM Cloud Pak for Security, which puts millions of security blogs, articles and resources at their fingertips.
Based on the information provided by IBM Security QRadar, the IBM Cloud Pak for Security uses AI and natural language processing technology to recommend the specific steps and resources to remediate the cybersecurity threat. By saving valuable time, IBM reduces the risk of the spectator or fan experience being interrupted by a security issue.
As more technology elements, such as the IBM Power Index and Match Insights, have been added to the US Open spectator experience, the importance of security continues to increase. By using tools such as IBM Security QRadar and IBM Cloud Pak for Security, the security team makes sure that the focus of the tournament remains where it should be — on the court.