Light Dark
July 31, 2018 By Christopher Hockings 3 min read
Artificial Intelligence
CISO
Incident Response

What’s it like to spend time with two renowned leaders in the cybersecurity field? Enlightening, to say the very least.

I recently sat down to speak with Sridhar Muppidi, chief technology officer (CTO) of cloud security and identity and access management (IAM) at IBM Security, and Shamla Naidoo, global chief information security officer (CISO) at IBM. During our conversation, Muppidi and Naidoo covered topics ranging from the research and development behind Watson and the roles of artificial intelligence (AI) and blockchain in cybersecurity to advice for responding to emerging threats.

IBM Security CTO Talks AI, Orchestration and More

In addition to his role at IBM Security, Muppidi is one of 101 active IBM Fellows. He’s an executive sponsor of the IBM Australia Development Lab on the Gold Coast and encourages an open client engagement approach. As I observed him hosting a number of clients, we discussed a wide variety of cybersecurity innovations.

IBM is currently focused on bringing AI into the world in a safe manner. AI can help security teams boost their threat detection and response capabilities, minimize identity fraud, thwart insider threats and reduce false positives in application testing — to name just a few examples.

However, since adversaries have access to the same AI tools as defenders, IBM Research developed an Adversarial Robustness Toolbox to help secure AI systems from threat actors.

IBM is also developing several orchestration playbooks to ensure that the right analysts are using the right tools to perform the right tasks in the event of any security incident. Clients can experience a simulated cyberattack and practice their incident response playbooks at the IBM X-Force Command Center. These simulations help organizations understand the importance of a strong security culture, a robust response playbook and competent leadership in the face of a crisis.

Muppidi stressed that security is a team sport. For this reason, IBM created an ecosystem of vendors who work together through open interfaces and share intelligence and analytics to foster collaboration and defend against increasingly sophisticated threats.

Finally, Muppidi talked about the emergence of decentralized identity, which gives control of identity information back to users while mitigating the burden of data ownership for organizations. This is based on blockchain’s distributed ledger technology and cryptography. IBM is focused on developing open standards and enabling clients to create or participate in identity networks to solve business problems.

IBM CISO Says Size Doesn’t Matter When It Comes to Security

Naidoo is responsible for securing the entire corporation from emerging threats as the global CISO at IBM. She has the power of IBM Security technologies at her fingertips and uses them extensively in her role. I joined her for two board round tables and several client meetings in Melbourne and Sydney, Australia.

These peer-level conversations exposed the following:

  • The importance of scale: Cybersecurity challenges, approaches, investments and execution are the same for all companies — both large and small. The only difference is scale. As scale increases, it’s essential to invest in the right security technologies to account for the expanded threat surface that comes with this growth.
  • Consider organizational structure: It’s also important to consider your organizational structure. While security leaders should supply all executives and line-of-business leaders with best-in-breed technologies to protect data, they should also empower them to manage their own security and compliance whenever possible through training and awareness initiatives.

These insights reflect the diversity of thinking the cybersecurity community needs to combat the rising volume of threats and protect clients from increasingly sophisticated attackers.

A Critical Advantage in the Fight for Security

Organizations that aim to deliver cybersecurity services to their own customers should be prepared to be “customer zero” with these services. This helps to ensure that the quality of offerings stands up to market scrutiny and that clients experience the best possible outcome.

By delivering the same quality of products they use to protect their own networks, industry leaders like Muppidi and Naidoo can give their clients a critical advantage in the endless battle to protect corporate and customer information from data thieves.

Read the stories in the ‘Secure Start’ blog series — and learn from others’ mistakes

 |  |  |  |  |  |  |  |  |  | 
Christopher Hockings
IBM Master Inventor

More from Artificial Intelligence
May 17, 2024

How a new wave of deepfake-driven cybercrime targets businesses

5 min read - As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit.Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries.Call centers of major banks and financial institutions are now overwhelmed by an onslaught of deepfake calls using voice cloning technology in efforts to break into customer…

May 14, 2024

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

May 14, 2024

3 recommendations for adopting generative AI for cyber defense

3 min read - In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The EU and US are beginning to put new regulatory frameworks in place to manage AI risks.Amid all this commotion, hackers and other cybercriminals are hardly…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature