Be Proactive: Fight and Mitigate Upcoming Future Attacks With Cyber Threat Hunting. Brought to you by IBM. In this video, you will learn to discuss global cyber trends and challenges. Cyber threats vary greatly and so do the methods of attack. To counter those various sources, organizations need intelligence to fortify themselves from both internal and external threats. To prevent future attacks, organizations can identify and investigate detectors after an incident. All insights become part of the organization's cybersecurity strategy and tactics, resulting in an intelligent approach to cybersecurity. The next three videos are a replay of a webinar that Sidney Pearl, a cybersecurity expert at IBM, presented to a global audience.

Good afternoon, everyone. Thank you for your time today. It's a pleasure speaking with each of you. A quick introduction of myself: I'm the global IBM i2 Cyber Leader. My background is United States Navy [inaudible] Reserves in Special Operations, Intelligence and Communications. I've worked with a number of organizations. In addition to my military career, I've also worked at Unisys Corporation as an Executive Architect, working within the 8 Global Security Operations Centers at Unisys. I also served as the Executive Principal for Cyber Intelligence and Analytics at Unisys. That was my last role prior to leaving and joining IBM. I joined IBM to lead the cyber threat-hunting initiative for IBM's i2 technology. Additional capabilities and background that I have: I also served as the Executive Director of the Counter-Trafficking Information Sharing Analysis Organization out of Kennedy Space Center, a NASA facility down in Florida. I also served as the volunteer Chief Cyber Intelligence Officer as well.
I've been in and around not only traditional protect-and-defend cybersecurity aspects; I also bring a combination of both intelligence experience from my military years, all the way through to working in law enforcement, and now also working in the cybersecurity industry for a number of years, over 12-plus years doing that. So as part of that, I want to talk to you today about some of the global cyber trends and challenges that we're seeing. The good news is that I've now talked to a number of organizations around the world. I've been in 18 countries and I've delivered cyber threat-hunting workshops to a number of clients across each of those different countries. I can certainly share with you that from global systems integrators to managed security services providers, to multi-industry opportunities and situations, clients and partners and service providers are recognizing that the proactive side of cyber threat hunting needs to be integrated into SOC operations today. So as part of that, I just want to say that we can all conclude that cybercrime has transformed the role of citizens, business, government, law enforcement, etc. Cyber touches everything that we do. It's not something we can turn a blind eye to. As an example of that, let's just take the healthcare industry. Let's say, for example, that you have a defibrillator because you have a heart problem. All of these devices are what we're defining as Internet-sustained, and all these devices are now moving into the space of being wireless, Wi-Fi and IP enabled. So over the next five years, you're going to see a definitive trend as the Internet of Things continues to take hold and to drive and define who we are as a culture globally. As more of these technologies take hold, naturally, that introduces a number of different cybersecurity challenges as part of that. But the reality is that cyber touches everything today.
We can call it cyber, we can call it the Internet, we can call it whatever form of electronic communication we want to define it as. But the bottom line is, we're all connected, and those types of connections lead to a number of challenges. So as part of those challenges, a number of breaches, of course, are caused by malicious and criminal actions and activities. A number of organizations are facing numerous challenges from cyber skill shortages; I'm certainly not even talking about cyber threat hunting, I'm just talking cyber security specifically and the challenges that we're facing in the cyber skills space to be able to fill those types of responsibilities and skills as we look to deploy and support this type of solution. Now, one other key point here that's very important is what we call the dwell time. The dwell time is the time that a vulnerability or a threat has been within your network or other networks without being identified and recognized, and that average dwell time is approximately 191 days. Now, that varies from organization to organization. The bottom line is that all organizations and industries today are facing a number of challenges as it relates to: how do I identify this threat before it actually becomes a problem, and identify the sophistication of it? Now, as part of that, the advancement of these threats continues to grow. So as we all know, threat actors, from transnational criminal organizations to the criminal underground, whatever form they may come in, whether it's nation-states or transnational states, the reality is that they are highly resourced, and that means they have more time, more money, and more resources than we ever will. They are also highly sophisticated in what they do. What I mean by that is they are actually running a business. You can see here the types of attack that occurred in the United States and, of course, this is not necessarily limited to the United States, but these are good examples.
The length of time that it was within the organization before it was actually found, and the amount of damage that was actually found. So when we talk about sophistication, these transnational criminals, criminal underground activities and nation-states have access to more time, more money and resources. That means, for example, they can run businesses: ransomware as a service, malware as a service. As part of that, certainly these are all challenges. But as part of this, we can certainly see that the dwell time in the network is a challenge. How do you identify those threats before they become an actual problem? These and other examples show some of the challenges that we're facing. Now, I speak to a number of chief information security officers around the world, across multiple industries: military, government, law enforcement, financial services, insurance, healthcare. To me, I've been around this a very long time: data is data, including data in criminal activities. So for example, some of the work that I have done in the past: I've helped gather information around international fugitives, criminals that have been fugitives from justice, who have moved and relocated to different locations around the world, and some of the information and intelligence gathering I provided in those cases helped geolocate and get eyes on the location where these people were located so they could get captured and extradited back to the country from where they originated. So to me, data is data. Whether you're talking about cybercriminals, or you're talking about terrorist organizations, or whether you're talking about financial crimes, to me data is data, and how do you identify that data? Now, just as we're saying, that ranges from the realm of targeted acts of war and terrorism, to indirect criminal activities, to targeted activist groups.
The reality is that the threat vectors are multidimensional as well, and they're coming from various environments and activities, from zero-day threats to ransomware to malware. All these types of threats are causing challenges for ourselves as well as for our clients. Naturally, the SOC has to understand, and the managed services organization has to be able to understand, that if you continue to play a game of protect and defend, which is extremely important, no doubt about it, it is very important. Protect and defend is critical. However, we also need to evolve to the next level of moving into more proactive cyber threat hunting. So as part of that, let's look at some SOC challenges as to what we're finding. As we speak to a number of directors of SOC operations, global systems integrators, managed security service providers, we're finding that the current trends and needs in the marketplace are to increase the speed and accuracy of the response. Now, how do you do that? If we don't have insight into the hidden and unknown emerging threat, how do you know how to increase the speed and accuracy of the response? The reality is that in the traditional SOC today, the tier 1 and tier 2 systems, the endpoint systems, the firewalls, tier 2 systems being the SIEM, those systems are certainly doing their job, but they're all going to find the 80 percent of the known threat. The challenge is that the 20 percent of the unknown is what's causing 80 percent of the greatest damage. So if you look at the pyramid and how it is inverted, from the actual threat being 80 percent known to 20 percent being unknown, that 20 percent is doing the greatest amount of damage. You can see here how you now start evolving your SOC to the next gen. That means we now need to start ingesting and incorporating analytics, where it now fits in what we call the Intelligence-Led Cognitive SOC.