
IBM executive targets online criminals

X-Force director talks about staying ahead of future security risks

At IBM Internet Security Systems, the company's primary security research organization is called X-Force. Kris Lamb, director of X-Force, says his group is charged with knowing where potential threats will arise and delivering products, services and education to customers about how to stay ahead of the risk. Recently Lamb discussed with Network World Senior Editor Denise Dubie what he sees as the most critical challenges and opportunities facing enterprise IT security managers today.

Tell me a bit about your role as director of X-Force at IBM Internet Security Systems.

We are the thought leaders for our customers and the company around applied security technology, the security landscape, threat forecasting, creation of new technology solutions that we may bring to market in the form of new products or new service offerings. We also provide the content delivery services for all of our products that we currently sell, such as antivirus updates or IPS updates or content filtering updates are delivered out of the X-Force organization. We also have a consulting portion of X-Force that delivers security consulting services to our clients. All told X-Force is a sizeable organization made up of a lot of research and development disciplines that are centered on security expertise.

What are some major trends or changes in the security industry X-Force is currently tracking?

Over the last 12 to 18 months or so, we've seen the hard right turn of the criminal underground shifting from a notoriety-driven motivation to a very highly-organized financially-driven motivation. Money is really driving what they do. All of the security vulnerabilities or exploits or computers they control represent real dollars to them given the activities they are using these resources for. Before it was about notoriety, it was about being seen or noticed, or getting a lot of press coverage by Web site defacements and denial of service attacks that were very public. Now the criminals don't want to be detected because when they are detected they lose control of the computing resources and they are not able to engage in the criminal activities such as computer bot exploitation or malware spreading or phishing recruitment runs. They lose those assets or the ability to conduct those activities and that means they are losing money. The criminal underground is now engaging in very shrewd, very guarded sets of activities.

How does this motivation shift change security threats?

A real big philosophical and structural change is happening. We are seeing the threat landscape go through a major change. Over the last 12 months, the types of threats and attacks that are being exploited and really being used in the criminal underground are much more application-centric and browser-centric in nature. Rather than the vulnerabilities of old that were more operating system related and low level in nature, whether it be default Windows or Unix services, these vulnerabilities are still being found and leveraged, but by and large the motivation and the areas of threat research going on among the criminal underground are around highly repeatable, highly undetectable types of attacks. What's the most ubiquitous activity that people are conducting on the Internet? That's Web browsing and e-mail. Those two are the number one delivery vectors.

What you see is people looking at ways that they can reliably utilize those two application frameworks to deliver highly targeted malware and exploits that leverage the browser to infect computers or to steal identities or engage in other sorts of activities where those are the vectors for attack.
