>> Live from San Francisco, it's theCUBE. Covering IBM Think 2019. Brought to you by IBM. >> Welcome back to theCube. Lisa Martin with Dave Vellante on our third day here at IBM Think 2019. The second kind of full day of the event. Dave, here we are with this beautiful San Francisco rain. Much needed in California >> I like being back in Moscone, its good. >> It is nice being back in Moscone. Speaking of being back, we are welcoming back to theCUBE Mary O'Brien, the general manager of IBM security. Mary, it's a pleasure to have you on the program. >> Thank you Lisa, Dave. >> Mary. >> So we were just talking before we went live, this event is massive, about 30,000 people. It was standing room only to get into Ginni Rometty's keynote yesterday. >> No you couldn't get in. >> Couldn't get in, >> They closed, they shut the doors out >> I think she said this is the closest that she'll ever be to an iPhone launch. That must be like rockstar status. Four campuses, 2,000 different sessions, there is here a Security and Resiliency campus. >> Yes there is. >> Which must be exciting for you, >> It certainly is. >> but talk to us about security is such a pervasive challenge that any organization faces. You were saying, there's nearly two million by the year 2020 nearly two million unfilled security roles. Talk to us about security at IBM and how you're using technologies, like AI, to help combat the problem, this prolific problem that cyber security is bringing. >> Okay, so I can start by saying security is everybody's problem. It's a problem faced by every business, everyday and as businesses modernize and they become more digital and move to the Cloud, there's cyber security nightmares and cyber security problems are only getting greater, okay? So, you know couple that with the fact that, as you say, by 2020, and ever body has a different variation of this statistic, but we're working on the basis that by 2020, there will be in the region of two million, unfilled, cyber security posts around the world. So at IBM Security, we're looking to understand how we can reduce the complexity, reduce the need for vast numbers of staff and augment our capabilities, all of our products and services, with artificial intelligence in order to relieve this gross skills gap. >> Well, I have to say, this is our 10th year now doing theCUBE Lisa and I was downstairs earlier and I saw, I guess I call him my friend, Pat Gelsinger, was walking into the keynote and a little high five and nine years ago I asked Pat Gelsinger on theCUBE, is security a do-over because of Cloud and he said flat out yes, it actually is. So I wonder, so much has changed in the last decade. You mentioned data, you mentioned artificial intelligence, the bad guys have gotten way more sophisticated, you have this new thing called The Edge and so I don't know if it's a do-over or evolving rapidly, but what are your thoughts on the changing nature of security? >> Well I think the security landscape is changing for sure and the attack surface is changing because you've got to remember that as all of our and more and more devices and all of our devices become smarter and become connected to the internet, we're basically just increasing the attack surface and increasing the opportunity for cyber attacks and cyber criminals to hack in and get into our networks. Okay, so you know as we move to the Cloud and we embrace an API economy, so we're using API's to access you know our applications then you know once again, we're opening up our capabilities. Open means open to us and to others and so the need to design security into everything we do and not append security as a perimeter around what we create is becoming more and more important. >> Well we can't do that just 'cause I think something also that you mentioned, sorry David, with the proliferation of devices, you know billions of devices, the perimeter is so amorphis, there's en clays on top of en clays on top of en clays >> Absolutely. >> I'm curious though, how is AI from IBM going to help companies protect themselves from their people, who might not be doing things necessarily maliciously, unintentionally, but that's one of the biggest common denominators I think in security that's the biggest, how do we protect from people? >> You nailed it. I mean I can not remember the stat, but I do know that more than 50% of breeches result from the inside and that's not necessarily people being malicious. I mean you have a combination of people who just don't adopt the best security policies, so they're not using strong passwords, they're clicking on links, they're answering phone calls, they're doing something that's a little bit sloppy or a little bit insecure and then of course you'll have the malicious insider. There aren't very many of them, but they do exist. So the way the security industry is evolving to protect ourselves against the insider is firstly to look at access to our crowned jewels and to make sure that only the people who need access to our crowned jewels and to the most important assets within our businesses have that access. Okay, firstly, now secondly, we are developing capabilities that we call user based analytics, user behavioral analytics. So we actually profile, what is the normal behavior of a user. So a user, in their job role, who works the pattern that is normal for that user. You know, what is a normal behavior for that user so that we allow the machine and the algorithms to learn that normal behavior so that when that behavior becomes different or when that user does something anomalous, that we can trigger an action, we can trigger an alert, we can do something about it. So user behavior analytics is the way we apply machine learning, artificial intelligence, to the problem to keep us safe from the insider fumbling, yes. >> Another big change and I want to make a comment, is the way in which organizations approach security at the board level. It's become a board level topic. The conversation between whether its the CSO or the CIO and the board has evolved from really one of, oh yeah, we're doing everything we possibly can to we're going to get breached, it's all about our response to that breech and here's the response mechanism and so I wonder if based on your conversations Mary, with executives, what you're seeing, what are they asking from IBM, just in terms of helping them specifically respond to the inevitable breaches? >> Okay, so there's a wide range of responses to that question. And it depends where you are on the globe, how sensitized the board is to security situations. They're all sensitized, but there are some parts of the globe where a breach of a regulation can put a board member in prison. So you know, there's a motivation to >> They're paying attention >> They're paying attention okay, but you know across the board, we're seeing that the board has evolved their attention, based on the fact that security used to be driven by compliance. It used to be driven by ticking a box to say you had a database protection in place and you had x, y, z in place. People became more sensitized to the next attack so what was the next threat, what was the next attack on their, the next piece of malware, the next piece of ransomware, but now people have really got to the point and the board have really got to the point where they really realize that this isn't about when an adversary gets into your network or gets into your enterprise or your business. They get in. It's about how you respond to it, how you find them, how you remove them, how you respond to the breach so at IBM security, we put a huge focus on training boards and their teams in how to respond to an instance because we've got to get to a point where the response is muscle memory so that everybody knows their role, they know how they behave and we're back to the people discussion again because everybody, from the person who is at your reception desk, who may be the first person to meet the media as they come in your doors after an event, to the CSO who has responsibility to the President or CEO, needs to understand their role and when they parttake or when they back away and let the experts partake during the course of an incident. >> One of the things too that's been widely known is it's taken upwards of two to 300 days before breaches are detected. How is IBM helping infuse AI into, not just the portfolio, but also the practices and behaviors to start reducing that so it doesn't take as long to identify a breach that can cost millions of dollars? >> So yes, what were doing here is we're working to reduce the complexity in peoples cyber programs. So if you consider that in many of our clients shops, we will find up to 80 different security products from 40 different vendors and that's an average that has been taken over time and we use that statistic all the time. Basically you have all of these tools and all of these products that have been bought to solve a security threat djure over several decades and they're all residing, all of these products, not talking to one another. So at IBM Security, what we're doing is we're applying technology and our capabilities to bring together the insights from all of these tools and to ensure that we can actually knit them together, correlate those insights, to give a more holistic view, a faster view, of what's relevant, what's pertinent to you in your industry, in your geo, in your business. So we look for the insights that are indicative of the most significant threat to you to help you get there, sort it, eradicate it, quarantine, or whatever you need to do to eliminate it. >> How about the skills gap? We talk about that a lot on theCUBE. There's more security professionals needed than are out there. What can you do about that? Is machine intelligence a possible answer? Helping people automate a response? What do you see? >> Absolutely So there's a number of different responses. Absolutely, infusing artificial intelligence and finding ways of reducing the amount of the amount of security data, the amount of security alerts that need to be responded to. So firstly you need to reduce the noise so that you can find the needle in the haystack and our capabilities with machine learning and artificial intelligence and the various different algorithms we build into our products help along the way there. So you have that. In addition to that, you always have a need for the people, for the experts so making sure that we infuse all of our practices, the people who are foot soldiers on the street, our consultants, our practitioners, to make sure that we hire the best, the brightest and we put them around the geo so that they are distributed and able to help our clients. And then you heard Ginni yesterday talk about various different means of accelerating our ability to bring more people into the workforce using our P-TECH initiative within IBM, so we're looking to go out to schools, where you wouldn't necessarily have a feed or kids with an opportunity, to find jobs in the cyber security space or in many professional spaces. Finding them, training them, tapping them, encouraging them and we've seen several people come through the P-TECH schools into the cyber security space and we've also embraced the return to work for people who have taken career breaks either to mind elderly relatives or to bring up kids or whatever, so we have a number of programs running in various parts of the world where we're introducing people back into the workforce and training them to become cyber experts. >> I got to ask you, as a security executive, does Quantum keep you up at night? >> Um, Quantum does not keep me up at night because IBM are the leaders in this space and as leaders in this space, we work with the researchers and developers in the IBM research labs, to ensure that our security practices are keeping in lock-step with Quantum and our algorithms are changing so that we can stay ahead of the Quantum race. >> It's in the hands of the good guys right now. >> It certainly is >> Let's keep it that way if we can. >> Last question Mary, there is, as I mentioned in the very beginning, four campuses here where the 30,000 plus attendees can learn. What are some of the things that you're excited that the attendees here, customers, perspective customers, partners, analysts, press are going to see, touch and feel from the Security and Resiliency Campus? >> At the Security and Resiliency Campus, the people here can see some of our latest innovations and capabilities and they can see our new platform. Our new security platform is called IBM Security Connect and this is you know, our capability that we just launched to actually reduce the complexity in people's cyber programs and help bring lots of these products, these siloed products and the insights from them together, to give a much sharper view of the threat to your business. So there's a very good demonstration of that. You can see a very good demonstration of the breath of our portfolio. You can talk to some of our consultants. Talk to our instant response specialists, you know, you can be scared about what's out there and see that your security is in good hands if you work with us. >> It sounds like a security candy store down there. We should go check it out. >> Yeah >> It sure is. >> Check out the flavors. >> Exactly. Thanks so much for stopping by >> Thank you. >> Sharing with us what's new >> Great to see you again Mary. >> In IBM security and also how you guys are helping to influence behavior. I think that's a really important element. We thank you and we look forward to talking to you again. >> Thank you very much. >> We want to thank you for watching theCUBE. Lisa Martin with Dave Vellante, live IBM Think 2019 on theCUBE. Stick around, we'll be right back shortly with our next guest. (tech music)