 from Las Vegas, it's theCUBE. Covering IBM Think 2018, brought to you by IBM. Welcome back to IBM Think 2018. My name is Dave Vellante and you're watching theCUBE the leader in live tech coverage. This is IBM's inaugural Think event. Company's consolidated about six major events into one as well. We're trying to figure it out. 30, 40,000 people. There's too many people to count. It's just unbelievable. Mary O'Brien is here. She's the vice president of research and development at IBM in from Cork, Ireland. Mary, great to see you. Thanks for coming on theCUBE. Thank you, Dave. So tell us a little bit more about your role at IBM as head of research and development. Okay, so I'm head of research and development for IBM security explicitly. So in that capacity I manage a worldwide team of researchers and developers. And we take products from incubation, initial ideas all the way through to products in the field. Products that help defend businesses against cyber crime. So Ginny was talking today about security as one of the tenets of your offerings at the core. So everybody talks about security. You can't bolt it on. There's a lot of sort of conversations around that. What does that mean? Security at the core from a design and R&D perspective. That actually means that the developers of applications are actually aware of security best practices as they design, as they architect and design their applications so that they don't deliver applications to the field that have vulnerabilities that can be exploited. So instead of trying to secure a perimeter of an application or a product or a perimeter full stop, they actually design security into the application. It makes it a much more efficient, much cheaper way to deliver security and also much stronger security based there. So I wonder if you could relate sort of what you guys are doing in security with what's happened in the market over the last 10 or 15 years. So it used to be security was hacktivists and throw some malware in and maybe do some disruption and it's become cyber criminals, big business now and then of course you got nation states. How have you had to respond specifically within the R&D organization to deal with those threats? So you have described the evolution of cyber crime over the last years and for sure it's no longer kids in a basement hacking for the fun of it. Cyber crime is big business and there's money to be made for cyber criminals. So as a result they're looking to hack in and get high value assets out of enterprises. And of course we as an organization and as a security business unit have had to respond to that by really understanding what constitutes a very mature set of security competencies and practices and how we break down this massive problem into bite size consumable pieces that any business can consume and work into their enterprise in order to protect them. So we have developed a portfolio of products that look at protecting all parts of your enterprise by infusing security everywhere on your devices, on the perimeter of your business, protecting your data, protecting all sorts. And we also have developed a huge practice of security professionals who actually will go out and do it for you or will assess your security posture and tell you where you've got problems and how to fix them. I remember a piece that had a research Peter Burris wrote years ago and it was entitled something like, bad user behavior will trump good security every time. And so my understanding is fishing is obviously one of the big problems today. How do you combat that? Can you use machine intelligence to help people, users that aren't security conscious, sort of avoid the mistakes that they've been making? So before I get into the complicated, advanced, you know, machine learning and artificial intelligence practices that we're bringing to bear now, you know, it's important to be clear that a vast number of breaches come from the inside. So they come from either the sloppy employee who doesn't change their password often or uses the same password for work and play and the same password everywhere or the unfortunate employee who clicks on a malicious link and takes in some malware into their devices and malware that can actually move horizontally through the business or it can come from the end user or the insider with malicious intent. Okay, so it's pretty clear to all of us that basic security hygiene is the fundamental. So actually making sure that your laptop, your devices are patched. They have the latest security patches on board. Security practices are understood, basic password hygiene and et cetera. That's kind of the start. Uh-oh. Okay, keep going. Okay, so. I'm starting the sweat. So, you know, and of course, you know, in this era of cybercrime as we've seen it evolve in the last few years, the security industry has reached a perfect storm because it's well known that by 2020, there'll be 1.2 million unfilled security professional roles. Okay, now couple that with the fact that there are in the region, in the same timeframe, in the region of 50 billion connected devices in the internet of things. So what's happening is the attack landscape and, you know, the attack surface is increasing. The opportunity for the cyber criminalists to attack is increasing and the number of professionals available to fight that crime is not increasing because there's huge shortage. So, you know, you heard Jenny this morning talking about the era of man assisted by machine. So infusing artificial intelligence and machine learning into security products and practices is another instantiation of man being assisted by machine and that is our tool and our new practice in the fight against cybercrime. So when I talk to security professionals, consistently they tell us that they have more demand for their services than supply to chase down, you know, threats. They have, they struggle to prioritize. They struggle with just too many false positives and they need help. They're not as productive as they'd like to be. Can machine intelligence assist there? Absolutely. So computers, let's face it, computers are ideally placed to pour over vast quantities of data, looking for trends and anomalies and really finding the needle in the haystack. They have such a vast capacity to do this that's way out, you know, that way surpasses what a human can do. And so, you know, with, in this era of machine learning, you can actually, you know, equip a computer with a set of basic rules and, you know, set it loose on vast quantities of data and let it test and iterate those rules with this data and become increasingly knowledgeable, you know, about the data, the trends in the data, what the data, what good data looks like, what anomalous data looks like. And at speed, point out the anomalies and find that needle in the haystack. So there's a stat, depending on which, you know, firm you look at or which organization you believe but it's scary nonetheless, that the average penetration is only detected 250 or 350 days after the infiltration. And, you know, that is a scary stat. I think it'd take a year to find out that somebody's infiltrated my organization or whatever it is, 200 days. Is that number shrinking? Is the industry as a whole, not just IBM, attacking that figure? First of all, is it a valid figure and are you able to attack that? Well, the figure is definitely scary. I don't know whether your figure is exactly the latest figure but it's a scary figure and it's well known that attackers will get in. So, of course, there's the various phases of, you know, protecting yourself. So you're going to try to avoid the attackers getting in in the first place, using the various hygienic means of, you know, keeping your devices clean and free from vulnerabilities and so on. But you've also got to be aware that the attacker does get in so now you've got to make sure that you limit the damage that they can cause when they're in. So, of course, you know, security is, is a, you know, you can take a alert approach to security. So you've got to firstly understand what is your most valuable data? Where are your most valuable assets? And layer up the levels of security around those first. So you make sure that if the attacker gets in, they don't get there and you limit the damage they can do. And then, of course, you limit their ability to exfiltrate data and get anything out of your organization. Because, I mean, if they're just in there, of course they can do some damage. But the real damage happens when they can manage to exfiltrate data and do something with that. So again, Mary, it makes sense that artificial intelligence or machine intelligence could help with this. But specifically, what do you see as the future role of Watson as it relates to cybersecurity? So I mentioned the shortage of security professionals and that growing problem. Okay, so, so Watson in our cybersecurity space acts as an assistant to the security analyst. So we have taught Watson the language of cybersecurity and Watson manages to ingest vast troves of unstructured security data. That means blogs and written text of security data from that's available on the internet and out there all day, every day. It just ingests this and fills a corpus of knowledge with these jewels of information. And basically, that information and that corpus of knowledge is now available to a security analyst who, you know, a junior security analyst could take years to become very efficient and to really be able to recognize the needle in the haystack themselves. But with the Watson assistant, they can embellish their understanding and what they see and all of the relationships and the data that augments the detail about a cyber incident, you know, fairly instantaneous and, you know, really augment their own knowledge with the knowledge that would take years to generate. You know? So I wonder if we could talk about collaboration a little bit. Sure. Because this is good versus evil. You guys are like one of the superheroes and your competitors are also sort of superheroes. You got Batman, you got Superman, Catwoman and Spider-Man, et cetera. How do you guys collaborate and share in a highly competitive industry? Well, there are various for us, you know, appearing for sharing, okay? So firstly, you absolutely nailed the importance for sharing because, you know, the cyber criminals share on the dark web. They actually, they share, they sell their wares, they trade, you know, so very important for us to share as well. So, you know, there are various industry forum for sharing and also organizations like IBM have created collaborative capabilities like we have our X-Force exchange, which is basically a sharing portal. So any of our competitors, our other security organizations, our interested parties can create, you know, a piece of work describing a particular incident that they're investigating or a particular event that's happening and others can add to it and they can share information. Now, historically, people have not been keen to share in this space, so it is an evolving event. So speaking of superheroes, I got to ask you, a lot of security professionals that I talked to say, well, when I was a kid, I read comic books, you know, I envisioned saving the world. How did you get into this? And was that you as a kid? Did you like? No, it wasn't, I'm not a long-term security professional, but I've been in technology and evolving products for, you know, in the telecommunication business and now security over many years. And so I got into this to bring that capability of delivering quality, software, and hardware to products to the field back in 2013 when a part of our IBM security business needed some leadership. So I had the opportunity to take my family to Atlanta, Georgia to lead a part of the IBM security business then. Well, it's a very challenging field. It's one of those, you know, never-ending missions. So thank you for your hard work and congratulations on all the success. Thank you, James. All right, appreciate you coming on theCUBE, Mary. Thank you. Keep it right there, buddy, we'll be back with our next guest. You're watching theCUBE, we're live from IBM Think 2018 in Las Vegas, right back.