In case you missed all the excitement yesterday, we proudly held two major events in Cambridge, Massachusetts, and Atlanta, Georgia, where we unveiled the new IBM X-Force Incident Response Intelligence Services (IRIS) team and told the world about our new global X-Force Command Centers and Cyber Range.

At both locations, we hosted industry and global thought leaders from government agencies, including the FBI and former counterterrorism leaders, as well as academia. We also hosted our own team of experts in incident response (IR) and managed security services (MSS).

Prepare, Prioritize and Respond

It’s straightforward and simple — we are addressing an important fact. It is critical that organizations prepare, prioritize and respond to the inevitability of a cyberbreach, whether at the hands of highly skilled and motivated external actors or insiders. We too often see the damages exponentially amplified by organizations that lack the proper planning and preparation to take precise and immediate actions when reactions are measured in minutes and hours. Failure to prepare often causes more damage than the attack itself.

Clients require innovation combined with expertise in world-class incident response and threat intelligence to detect, contain and prevent attacks quickly enough to minimize impact to customers and operations.

We’ve all heard about the catastrophic losses many organizations have faced. The key to reducing the impact of a breach is proactive planning and preparedness. Yesterday’s launch demonstrates IBM’s commitment to helping organizations address their cyberattack readiness and treat it from a multidimensional perspective.

1. Rehearsal and Crisis Leadership

With the rising need to organize and respond to cyberattacks such as distributed denial-of-service (DDoS) or ransomware, IT and security leaders need to train like any other defense force. Just like pilots use simulators to train for flight emergencies, the new IBM Cyber Range is designed to simulate a breach and help teams develop a more effective cyber resilience strategy and coordinated response plan.

The Cyber Range delivers simulations of common breaches and sophisticated attack scenarios that bring technical experts and executive decision-makers together, bridging a divide that often leaves organizations temporarily impaired when high-profile incidents occur. The simulation enables teams to practice and learn from their mistakes before they have to face a real breach. Through this type of practice, analysts can become adaptive. This alone can save a significant amount of time in response and investigation, which is often the most costly part of a breach.

2. Innovation in Detection and Response

The primary challenge for many organizations in dealing with a breach is often resources. Humans are limited in their ability to analyze and disseminate attack information and to share that information as fast as a network. Given the unprecedented speed and frequency with which cyberattacks are being leveled daily, organizations turn to MSS to combat the magnitude of data flooding their staff and systems.

The new IBM X-Force Command Centers are built to scale global collaboration and integration of intelligence, people and technology to help respond to threats in facilities across Europe, North America, South America and Asia-Pacific. On constant watch, X-Force Command Centers are capable of processing more than 35 billion security events daily for more than 4,500 clients across 133 countries.

Our analysts can now tap into Watson for Cyber Security, equipping them with rapid access to large amounts of data unlike any other security operations center on earth. This cognitive advancement represents an important enhancement in speed and data analysis.

Learn more about the Role of Cyber Ranges in Security Incident Response Planning

3. Expertise and Experience

Preparing a proactive and effective cyber resilience strategy can be an unnerving challenge for even the most experienced security teams, especially when developed in the absence of key executive decision-makers across the C-suite. And for those who have assembled a plan, a breach can still occur and take many by surprise.

Our newly unveiled X-Force Incident Response and Intelligence Services (IRIS) Team, under the leadership of Wendi Whitmore, brings expertise and services in threat intelligence and forensics to help organizations build comprehensive, proactive incident response, along with establishing threat intelligence and remediation strategies. According to a recent report, 94 percent of C-level executives believe there is some probability that their company will experience a significant cybersecurity incident in the next two years. They need to be prepared.

We think there are several strategies and approaches that can greatly affect the outcome of a future breach. With our investment in Resilient Systems earlier this year, combined with our commitment to growing our portfolio with the X-Force Command Centers, Cyber Range and IRIS Team, we are dedicated to helping organizations conquer the complexities of incident response and threat intelligence. Like any solid business continuity and disaster recovery plan, cyber resilience requires an investment in rigorous preparation, planning and testing. That way, in moments of chaos, the cool and collected prevail.

More from X-Force

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Getting “in tune” with an enterprise: Detecting Intune lateral movement

13 min read - Organizations continue to implement cloud-based services, a shift that has led to the wider adoption of hybrid identity environments that connect on-premises Active Directory with Microsoft Entra ID (formerly Azure AD). To manage devices in these hybrid identity environments, Microsoft Intune (Intune) has emerged as one of the most popular device management solutions. Since this trusted enterprise platform can easily be integrated with on-premises Active Directory devices and services, it is a prime target for attackers to abuse for conducting…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today