theCUBE at IBM Impact 2014 is brought to you by headline sponsor IBM. Here are your hosts, John Furrier and Paul Gillin.
Okay, welcome back everyone here, live in Las Vegas for IBM Impact, this is SiliconANGLE's theCUBE, our flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier, the founder of SiliconANGLE. Here's my co-host, Paul Gillin with SiliconANGLE. And our next guest is Vijay Dheap, global product manager at IBM, covers big data, security, cloud, some boring areas right now in the technology area, Vijay, you know, cloud, big data security, I mean, gone.
We just heard there's 400,000 employees, it seems like you got stuck with an awful lot.
Well, our job is to make sure that we have visibility across our security posture and also help our customers get complete visibility over their security posture.
Yeah, I don't, you don't have to hear the terms big data and security put together. What is the message there?
Well, one of the interesting things is that security has always been a big data challenge because you have thousands of IT systems, you have hundreds of business application systems. If you want to know how your organization can potentially be compromised, you have to have visibility over those.
So you're talking about big data, about taking in event logs and all kinds of data about what's going on in your network and using big data analytics.
Exactly, exactly, log events and network activity between people, their applications, how data flows within your organization. If you have visibility over it, you can then look at how to best protect it by being, by allowing security to be a business enabler and not just an oversight hurdle.
So we cover the big data space pretty heavily on SiliconANGLE, Wikibon and theCUBE, all the Hadoop Worlds and Hadoop Summits, we'll be at the Hadoop Summit this year again with Hortonworks. We always talk about big data with security and fraud.
I get that, I can see someone's in Vegas with their cell phones, there's a withdrawal in another area. You can tie those together. We've had Abhi Mehta on, former Bank of America, now the founder of Tresata, real big in financial services. So obviously retail's another lucrative territory to stake out. You're probably, but I want you to answer the question of the difference between big data and security, using big data around security and how that's different from some of the tools out there around market intelligence and BI or business intelligence, because data warehousing business intelligence has been around for a while, which is, we've always come into the slow lagging, kind of parked out in the hinterlands of the enterprise, but there are some cool market intelligence BI stuff out there, but how's that different from some of the stuff you're working on?
Well, in security, one of the most important parameters is time. So imagine this, you have two developers or two analysts and you let them for two weeks go at the data. In market intelligence or business intelligence, they come out with one new idea, and it justifies their investment. In security, they spend two weeks, come back with one item to investigate. They might have been better allocated somewhere else, maybe even set up a-
Oh, they might have missed some things.
They might have missed a lot. And time is of the essence. So one of the things that I like to tell customers about the difference of big data is that you got to treat big data for security like a museum. You have to curate the data that you can best impact the outcomes for your security investigation. And if you take that into account, everything else will start falling into place, looking at what type of reports you got to do, what type of investigative behavior you want to enable, but you need to provide direction. You need to provide focus that you may not need.
Actually, sometimes it might be restrictive in the context of business intelligence or market intelligence.
So let's just drill into that a little bit. So let's take Heartbleed, obviously, big trending item, impact is significant. What could have been done differently to catch that with using big data? Because that's a little bit different kind of approach, but still it's an application vulnerability that might fit into the logic enterprise. It scares the hell out of everybody. How would you dig into that and say, because you don't know what to curate. It's not a, in the museum analogy, it's like that hasn't yet to be an exhibit.
Plus it left no trace, no trace.
So in the case of, I'll talk about from a response standpoint, being able to respond to something as pervasive a threat to your organization or your operations is to be able to making sure that all your business critical applications, your business critical systems that are externally focused, externally surfaced, being able to, if you're getting information from those, those are more important data sources than other potentially less critical items inside your organization. So being able to make sure that you understand your organization, understanding where, within your organization, your reputation, your operations are at most risk, and being able to make sure that that data is analyzed first so that you can very quickly respond to something like Heartbleed. Now from a detection standpoint, being able to curate data that you get from government investigators, being able to get it from teams like IBM X-Force who are doing the research and notify it. One of the interesting things is today, even with organizations building up their capacity to incorporate security and security awareness, we still get most of our awareness of new incidents or new threats from external parties.
So if that's the case, I need those data sources that allow me to very quickly know what the new threats are so I can respond to it very effectively. And that's part of the data curation.
One of the problems with analyzing that large amount of security data is knowing what to look for. Seems like an ideal application of Watson. So are we seeing, are you creating security applications for Watson specifically?
So Watson is a logical next step. One of the things is that from a maturity standpoint, we are still building out the security knowledge that we need to codify into, human knowledge that we can codify into a machine. And I think we're not there yet. Once we have that corpus of information, and one of the interesting things about security is that it's always a cat and mouse game. So once you codify something, the attacker adapts. So take that in contrast to something like medicine. Once you learn something, once the system learns something, it is able to apply it over and over again. Whereas in security, we need to build not just cognitive capabilities, but also learning or adaptive capabilities incorporated within the parameters of what a security threat vector might look like.
But you must be working with some government agencies on this right now. I mean, using that kind of Watson technology, I think they'd be all over this.
Yes, and I said that's the direction we're headed.
But not a commercial product at this point.
One of the things, it's a point in time state, right? Watson played Jeopardy just a few years ago and now it's diagnosing cancer better than most doctors, right? So we'll get there, and we're working on it.
Now in terms of big data, is your area of coverage covered big data in general, or are you specific to the security domain?
So it is the intersection of big data and security that we typically focus on.
Everything from being able to do predictive analysis on exploring what parts of your organization might be most susceptible to risk, to analyzing which parts of your organization have the most significant amount of vulnerabilities, directing your team to invest time and effort to mitigate the most high risk vulnerabilities, but also from an incident response standpoint, how you can improve the time to addressing a solution from a cyber forensics standpoint.
Now Roger Ray was on theCUBE yesterday who was talking about the info streams. This seems like sort of the core of your security big data strategy right now would be real-time analysis. Is that where you're directing your marketing focus right now, or is that a side light to the bigger data analytics business?
So within the IBM security portfolio, the security intelligence platform that we currently have is QRadar. It is a real-time and near real-time solution, and it works in conjunction with Streams in the form that Streams can help unify physical security, like from your cameras, multimedia content from audio, and merge it with cybersecurity data for like log events and NetFlow, but cybersecurity data is all processed and managed by QRadar. And part of our big data initiative in security is to unify all of this data so that there are no data silos. So you can look and analyze all of this information as one coherent whole.
Are you working with the infrastructure providers like Cisco to get a closer look inside their systems to be able to analyze that event data in real-time?
So absolutely, we work with over 2,000 different partners who provide IT devices, security devices, to be able to, that's how we essentially allow our customers to get visibility on how to manage risk based on the configuration of certain devices, firewalls, IDS, IPS systems, how they've configured their web servers. So all of this information, we are basically first collecting, assessing.
We have over six to eight years worth of security knowledge that we apply to it, because we not only correlate all this data, but we add causation. So to resolve causation, we need to take all of this correlated information and add that insight that we have developed to guide security organizations to work on situations, incidents or offenses that are most pertinent to their organization today.
You said that security is a moving target and the bad guys are always morphing to move in another direction. What trends are you seeing right now? Where are the new vectors of security threat right now?
Yes, I think, I like to call it like we're in the age of the cyber offensive. The reason for that is regulations haven't caught up, building up an evidence corpus of data. We don't know how much to prove, to identify. It's harder to bring people to prove that they did something. And also, from a defense standpoint, we are at a situation where we have too many open switches. We're moving into social, we're moving into mobile and cloud. And given the dynamism of our business environment, we're in a situation where attackers can pick the time and place. Moving forward, what I see is that the historical low and slow attacks, we also have more of zero-day type attacks that can, but mainly, we're migrating beyond the kiddie attacks, the opportunistic attacks, where attackers want to derive return on investment from their attack. They're spending time and effort, so now they want to be compensated. How do they get compensated? And that actually helps us as defenders to identify what impacts our risk, impacts our reputation, impacts our business, and how attackers can potentially glean monetary value from it, and maybe that's where we allocate our defenses.
So you narrow down more of your vectors that you're looking at.
So I got to ask you about the DevOps culture and then tie that into security, because I think the cloud has proven that with the emerging web scale companies like Google, Facebook, Yahoo, Amazon, the super geeks can build their own stuff. That horse has left the barn, so to speak. But that really drove the DevOps culture, which is now going mainstream. Security is a similar kind of discipline. You can't just take someone who runs programs Mongo, who's a Rails developer, be like, okay, make them a security expert, because they're like, LAMP stack developers, that's sophisticated. So is there a security ops model that's going to come, that's similar to the DevOps, where from a development standpoint, you can have security as code, meaning I'm coding apps and deploying security stuff without being a security expert.
Very good question. And this is, we first identified this challenge in the mobile space. Mobile developers were not as security aware or security seasoned as system developers. And suddenly they were writing up a plethora of applications and for application, business applications. So the idea there is how can we deliver confidence by facilitating tools, assets that they can reuse. A developer, a mobile app developer, doesn't need to rebuild how cryptography is done or rebuild PKI infrastructure. So what we've done is, in our Trusteer portfolio, we now deliver a security SDK that mobile developers can incorporate into their mobile app without having to rebuild a wheel every time they build a new app. Similarly for, when we look at it from an infrastructure standpoint, how step up authentication, how biometrics can be employed, we've done significant amounts from identity as a perimeter so that these basic concepts can be very quickly incorporated by developer without having them to learn the depth of service.
You see that as a big trend right now.
Absolutely.
Secure ops in a way, if you'd like a better, probably a term about there, but okay. So where is that?
Is it early stages, national anthem, first inning, first pitch?
I think we're security as a field. We're just getting started. And it's a new mindset where security has to become an enabler. It can't be just policy and restrictions because if people now, because user experience is so important, people either find ways around it or not participate and security can't afford that. We're talking about social, we're talking about cloud. So we need to design security into every aspect of our operations, whether it's into our access management, whether it's into our applications, whether it's how we transmit data and make it sometimes abstracted out from the developers, abstracted out so that you can empower and enable security behind the coverage.
Vijay, we'd like to have you on, again, this is a great topic, certainly very relevant and very important, seeing just the business loss alone with some bad security, just Heartbleed is just a great poster child right now. It's fresh in everyone's mind. That's just one of many examples that's happening on a daily basis.
It's now a boardroom conversation.
Yeah, exactly. The kids in the dorm room to the boardroom or our security, our potential leaks and opportunities to fix. So thanks for coming on theCUBE, really appreciate it. We have to take a break. We'll be right back with our next guest after this break. It's live in Las Vegas for IBM Impact, it's theCUBE.