>> Announcer: Live from Las Vegas, it's The Cube. Covering IBM Think 2018, brought to you by IBM. >> Welcome back to IBM Think 2018. My name is Dave Vellante and you're watching The Cube, the leader in live tech coverage. This is IBM's inaugural Think event. Companies consolidated about six major events into one We're trying to figure it out, 30-40,000 people there's too many people to count, it's just unbelievable. Mary O'Brien is here, she is the vice president of research and development at IBM in from Cork, Ireland. Mary, great to see you, thanks for coming on The Cube. >> Thank you, Dave. >> So tell us a little bit more about your role at IBM as head of research and development. >> Okay so I'm head of research and development for IBM Security explicitly so in that capacity I manage a worldwide team of researchers and developers and we take products from, you know, incubation, initial ideas all the way through to products in the field. Products that help defend businesses against cyber crime. >> So, Jenny was talking today about, you know, security is one of the tenants of your offerings at the core. >> Mary: Yes. >> So, everybody talks about security. >> You can't bolt it on, you know, there's a lot of sort of conversations around that. What does that mean, security at the core from a design and R & D perspective? >> That actually means that the developers of applications are actually aware of security best practices as they design, as they architect and design their applications. So that they don't deliver applications to the field that have vulnerabilities that can be exploited. So, instead of trying to secure a perimeter of an application or a product or, you know, a perimeter full stop they actually design security into the application. It makes it a much more efficient, much cheaper way to deliver security and also, you know, much stronger security base there. >> So, I wonder if you could relate, sort of, what you guys are doing in security with what's happened in the market over the last 10 or 15 years. So, it used to be security was, you know, hacktivists and you know throw some malware in and maybe do some disruption has become cyber criminals, you know, big business now and then of course you've got nation states. >> Mm-hmm How have you had to respond specifically within the R & D organization to deal with those threats? >> So, you know, you have described the evolution of cyber crime over the last years and for sure it's no longer kids in a basement you know, hacking to, for the fun of it. Cyber crime is big business and, you know, there's money to be made for cyber criminals. So, as a result they are looking to hack in and get high value assets out of enterprises, and of course, we as an organization and as a security business unit have had to respond to that. By really understanding, you know, what constitutes a very mature set of security competencies and practices and you know how we break down this massive problem into you know, bite sized consumable pieces that any business can consume and work into their enterprise in order to protect them. So, we have developed a portfolio of products that look at protecting all parts of your enterprise. You know, by infusing security everywhere, you know, on your devices, on the, you know, the perimeter of your business. Protecting your data, protecting all sorts, and we also have developed a huge practice of security professionals who actually will go out and do it for you or will, you know, assess your security posture and tell you where you've got problems and how to fix them. >> I remember a piece that our head of research, >> Peter Burris, wrote years ago and it was entitled something like "Bad User Behavior will Trump Good Security Every Time" and so my understanding is phishing is obviously one of the big problems today. How do you combat that, can you use machine intelligence to help people, you know, users that aren't security conscious sort of avoid the mistakes that they've been making? >> So, before I get into the, the complicated, advanced, you know, machine learning and artificial intelligence practices that we are bringing to bear now, you know, it's important to be clear that you know, a vast number of breaches come from the inside. So, they come from either the sloppy employee who doesn't change their password often or uses the same password for work and play and the same password everywhere. Or, you know, the unfortunate employee who clicks on a malicious link and you know, takes in some malware into their devices and malware that can actually you know, move horizontally through the business. Or it can come from you know, the end user or the insider with malicious intent. Okay, so, it's pretty clear to all of us that basic security hygiene is the fundamental so actually making sure that your laptop, your devices are patched. They have the latest security patches on board. Security practices are understood. Basic password hygiene and et cetera, that's kind of the start. >> Uh oh. >> Okay keep going. >> Okay, so-- >> I'm starting to sweat. >> So, you know, and of course, you know, in this era of cyber crime as we've seen it evolve in the last few years, the security industry has reached a perfect storm because it's well known that by 2020 there will be 1.2 million unfilled security professional roles, okay? Now, couple that with the fact that there are in the region, in the same time frame, in the region of 50 billion connected devices in the internet of things. So what's happening is the attack landscape and you know, the attack surface is increasing. The opportunity for the cyber criminalist to attack is increasing and the number of professionals available to fight that crime is not increasing because of this huge shortage. So, you know, you heard Jenny this morning talking about the era of man assisted by machine so infusing artificial intelligence and machine learning into security products and practices is another instantiation of man being assisted by machine and that is our, our tool and our new practice in the fight against cyber crime. >> So when I talk to security professionals consistently they tell us that they have more demand for their services than supply to chase down, you know, threats. They have, they struggle to prioritize. They struggle with just too many false positives and they need help. They're not as productive as they'd like to be. Can machine intelligence assist there? >> Absolutely, so computers, let's face it, computers are ideally placed to pour over vast quantities of data looking for trends, anomalies, and really finding the needle in the haystack. They have such a vast capacity to do this that's way out, you know, that really surpasses what a human can do and so you know, with, in this era of machine learning you can actually you know, equip a computer with a set of basic rules and you know, set it loose on vast quantities of data and let it test and iterate those rules with this data and become increasingly knowledgeable you know, about the data. The trends in the data, what the data, what good data looks like, what anomalous data looks like and at speed point out the anomalies and find that needle in the haystack. >> So, there's a stat, depending on which, you know, firm you look at or which organization you believe, but it's scary none the less. That the average penetration is only detected 250 or 350 days after the infiltration, and that is a scary stat, it would take a year to find out that somebody has infiltrated my organization or whatever it is, 200 days. Is that number shrinking, is the industry as a whole, not just IBM, attacking that figure? First of all, is it a valid figure, and are you able to attack that? >> Well, the figure is definitely scary. I don't know whether your figure is exactly >> Yeah, well the latest figure but it's a scary figure >> Yeah. and it's well known that attackers will get in. So, of course, there's, uh there's the various phases of, you know, protecting yourself. So, you're going to try to avoid the attackers getting in in the first place. Using the various hygienic means of you know, keeping your devices, you know, clean and free from vulnerabilities and so on. But you've also got to be aware that the attacker does get in so now you've got to make sure that you limit the damage that they can cause when they're in. So, of course, you know security is a, you know you can take a layered approach to security. So you've got to firstly understand what is your most valuable data, where are your most valuable assets and layer up the levels of security around those first. So you make sure that if the attacker gets in, they don't get there and you limit the damage they can do and then of course you limit their ability to exfiltrate data and get anything out of your organization. Because I mean if they are just in there, of course they can do some damage. But, the real damage happens when they can manage to exfiltrate data and do something with that. >> So again Mary, it make sense that artificial intelligence or machine intelligence could help with this but specifically what do you see as the future role of Watson as it relates to cyber security? >> So, I mentioned the shortage of security professionals and that growing problem, okay so Watson in our cyber security space acts as an assistant to the security analyst. So, we have taught Watson the language of cyber security, and Watson manages to ingest vast troves of unstructured security data, that means blogs and you know, written text of security data from, that's available on the internet and out there all day, everyday. It just ingests this and fills a corpus of knowledge with this, with these jewels of information. And, basically that information and that corpus of knowledge is now available to a security analyst who, you know, a junior security analyst could take years to become very efficient and to really be able to recognize the needle in the haystack themselves. But with the Watson assistant they can embellish their understanding and what they see and all of the, all of the relationships and the data that augments the detail about a cyber incident you know, fairly instantaneous. And it, you know, really augment their own knowledge with the knowledge that would take years to generate, you know. >> So, I wonder if we could talk about collaboration a little bit because this is good versus evil. You guys are like one of the super heroes and your competitors are also sort of super heroes. >> Of course. >> You got Batman, you got Superman, Catwoman, and Spiderman, et cetera. How do you guys collaborate and share in a, highly competitive industry? Well, they're vary as far as you know, appearing for sharing okay, so firstly you absolutely nailed the importance for sharing because you know, the cyber criminals share on the dark web. They actually share, they sell their wares, they trade, you know so very important for us to share as well. So, you know, there are various industry forum for sharing and also organizations like IBM have created collaborative capabilities like we have our X-force Exchange which is basically a sharing portal. So, any of our competitors or other security organizations or interested parties can create you know, a piece of work describing a particular incident that they are investigating or a particular event that's happening and others can add to it and they can share information. Now, historically people have not been keen to share in this space so it is an evolving event. >> So speaking of super heroes I got to ask ya, a lot of security professionals that I talk to say well when I was a kid I read comic books. You know, I envisioned saving the world. So, how did you, how did you get into this, and was that you as a kid? Did you like-- >> No, it wasn't. I'm not a long term security professional. But, I've been in technology and evolving products for, you know, in the telecommunication business and now security over many years. So, I got into this to bring that capability of delivering quality software and hardware products to the field back in 2013 when a part of our IBM security business needed some leadership. So, I had the opportunity to take my family to Atlanta, Georgia to lead a part of the IBM security business then. >> Well, it's a very challenging field. It's one of those, you know, never ending, you know, missions so thank you for your hard work and congratulations on all the success. >> Thank you David. >> Alright, appreciate you coming on The Cube, Mary. >> Thank you. >> Keep it right there everybody, we will be back with our next guest, you're watching The Cube. We're live from IBM Think 2018 in Las Vegas, be right back. (pleasant music)