
Cybersecurity Modernization in Hybrid Cloud

Key Points

  • The shift to hybrid‑cloud environments and wider AI adoption is reshaping cybersecurity programs, compelling security teams to modernize their approaches.
  • Modern threat management now expands beyond traditional log collection, normalization, and correlation to include real‑time network‑flow analytics (NDR) and user‑behavior analytics for faster detection.
  • Anomalies such as a sudden spike in a contractor’s data downloads can be identified instantly via flow analytics, enabling security operations centers (SOCs) to respond to threats in near real‑time.
  • Most breaches stem from the actions of a single user, so modernized security stacks focus on identity‑centric monitoring and the ability to sift through massive data “needle stacks” to isolate the true threats.
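The contractor scenario from the key points (three confidential downloads a week jumping to 300), worked as an added example that is not part of the talk or of any product it mentions: a per-identity weekly baseline with a median/MAD threshold. The record fields, identity names, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

CONFIDENTIAL = "confidential"


def make_events(identity, weekly_totals, label=CONFIDENTIAL, start=date(2024, 1, 1)):
    """Constructed sample data: one record per downloaded document."""
    events = []
    for week_index, total in enumerate(weekly_totals):
        day = start + timedelta(weeks=week_index)
        events.extend({"day": day, "identity": identity, "label": label}
                      for _ in range(total))
    return events


# Constructed records covering ISO weeks 2024-W01..W06 (not data from the talk).
EVENTS = (
    make_events("contractor-17", [3, 2, 4, 3, 3, 300])      # the 3 -> 300 spike
    + make_events("analyst-04", [40, 38, 45, 41, 39, 44])    # busy but steady
    + make_events("analyst-04", [0, 0, 0, 0, 0, 500], label="public")
    + make_events("contractor-22", [0, 0, 0, 0, 0, 50])      # no history yet
)
CURRENT_WEEK = (2024, 6)


def weekly_counts(events):
    """Count confidential downloads per identity per (ISO year, ISO week)."""
    counts = defaultdict(lambda: defaultdict(int))
    for event in events:
        if event["label"] != CONFIDENTIAL:
            continue  # only sensitive data feeds the baseline
        iso = event["day"].isocalendar()
        counts[event["identity"]][(iso[0], iso[1])] += 1
    return counts


def find_spikes(events, current_week, min_history=4, k=6.0, cold_start_limit=25):
    """Flag identities whose current-week count exceeds their own baseline.

    Baseline is the median of prior weeks; spread is the scaled median
    absolute deviation (MAD), floored at 1 so a perfectly flat history
    does not alert on a single extra document.
    """
    counts = weekly_counts(events)
    all_weeks = sorted({week for per in counts.values() for week in per})
    alerts = []
    for identity, per_week in sorted(counts.items()):
        first_seen = min(per_week)
        # Weeks with no downloads count as zero once the identity exists.
        history = [per_week.get(week, 0) for week in all_weeks
                   if first_seen <= week < current_week]
        observed = per_week.get(current_week, 0)
        if len(history) < min_history:
            # Cold start: no usable baseline, so fall back to a fixed cap.
            if observed > cold_start_limit:
                alerts.append({"identity": identity, "week": current_week,
                               "observed": observed, "baseline": None,
                               "threshold": cold_start_limit,
                               "reason": "no-baseline"})
            continue
        baseline = median(history)
        mad = median(abs(count - baseline) for count in history)
        threshold = baseline + k * max(1.4826 * mad, 1.0)
        if observed > threshold:
            alerts.append({"identity": identity, "week": current_week,
                           "observed": observed, "baseline": baseline,
                           "threshold": threshold,
                           "reason": "baseline-exceeded"})
    return alerts


if __name__ == "__main__":
    for alert in find_spikes(EVENTS, CURRENT_WEEK):
        print(alert)
```

The steady analyst stays below their own threshold even with 500 public downloads in the same week, while the identity with no history is caught only by the fixed cold-start cap.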

Source: https://www.youtube.com/watch?v=ObeUOeh1eck
Duration: 00:38:36

Sections

  • [00:00:00](https://www.youtube.com/watch?v=ObeUOeh1eck&t=0s) Cybersecurity Modernization Fueled by Cloud and AI: Bob Kalka explains how hybrid cloud and AI are compelling cyber teams to update threat management and SOC practices.
  • [00:03:09](https://www.youtube.com/watch?v=ObeUOeh1eck&t=189s) Missing Incident Response Playbooks: The speaker highlights that most organizations lack defined and tested incident response playbooks, urging broader security awareness, use of cyber ranges, and automation, especially as they adopt hybrid cloud and AI.
  • [00:06:20](https://www.youtube.com/watch?v=ObeUOeh1eck&t=380s) Stealthy AI-Powered Threat Management: The speaker explains that traditional EDR tools are vulnerable to smart malware, advocating for hypervisor‑based, AI‑enhanced, proactive security and open‑platform approaches to modernize threat management.
  • [00:09:30](https://www.youtube.com/watch?v=ObeUOeh1eck&t=570s) Modernizing Cyber Teams with Microservices: The speaker outlines how adopting microservices, open platforms, and unified workflows on an elastic cloud infrastructure accelerates security analysts and tackles the operational challenges of hybrid‑cloud deployments.
  • [00:12:32](https://www.youtube.com/watch?v=ObeUOeh1eck&t=752s) Federated Investigation Drives Unified Workflow: By employing federated search to query data directly in the cloud, organizations avoid costly data egress, accelerate real‑time investigations, and integrate detection, confirmation, and playbooks into a single, unified console for modern cyber threat management.
  • [00:15:38](https://www.youtube.com/watch?v=ObeUOeh1eck&t=938s) Hybrid Cloud Data Visibility Gap: The speaker notes that merely 7‑30% of organizations are confident they know the location of their sensitive data, and as they transition to hybrid cloud environments, traditional controls diminish, driving a need for coordinated IAM and data protection innovations.
  • [00:18:46](https://www.youtube.com/watch?v=ObeUOeh1eck&t=1126s) Adaptive Access: MFA on Steroids: The speaker explains that adaptive access augments traditional multi‑factor authentication with real‑time behavioral and fraud‑detection analytics, such as typing patterns, to dynamically assess risk and trigger step‑up authentication when needed.
  • [00:21:53](https://www.youtube.com/watch?v=ObeUOeh1eck&t=1313s) Data Security Posture & Insider Threat: The speaker stresses the surge in data security posture management, calling for robust encryption and access controls, long‑term monitoring of sensitive data access, and leveraging that visibility to detect insider threats.
  • [00:25:01](https://www.youtube.com/watch?v=ObeUOeh1eck&t=1501s) Modernizing Proactive Threat Management: The speaker outlines a shift to an open, integrated security platform that proactively maps attack surfaces, unifies analyst workflows, secures data through identity, encryption and access controls, and automates compliance and insider‑threat detection.
  • [00:34:18](https://www.youtube.com/watch?v=ObeUOeh1eck&t=2058s) Building a Unified Cyber Defense Platform: The speaker explains how acquiring Randori for attack‑surface management, integrating ReaQta's hypervisor‑based QRadar EDR, leveraging a cyber range, and launching QRadar Log Insights on an open‑source ClickHouse backend together create an integrated, proactive security ecosystem.
  • [00:37:32](https://www.youtube.com/watch?v=ObeUOeh1eck&t=2252s) Polar‑Powered Guardium Insights Overview: The speaker explains how Polar's multi‑layer posture management and long‑term sensitive‑data monitoring are integrated into IBM's cloud‑native Guardium Insights, helping analysts adapt to hybrid‑cloud, AI‑driven security challenges.

Full Transcript

0:00 Hi, I'm Bob Kalka with IBM Security, and I'd like to talk to you today about a fascinating topic, and that is how cybersecurity programs are modernizing. I think it's stating the obvious to point out that most organizations and their IT investments are migrating towards hybrid cloud and leveraging AI more, and that is creating some essential physics in the industry that are forcing cyber teams to modernize as well.
0:28 So what we're going to talk about today is what exactly is going on with cyber modernization, because cyber modernization is really occurring across two major areas right now. The first one is how do you actually do threat management? So for most organizations, that would be how do you run your security operations center, or SOC?
0:56 And the way most organizations do that today, it's pretty straightforward. It's not easy, of course, but it's pretty straightforward. Where everybody starts is that you start by making sure that you can detect threats and then that you can respond to threats.
1:17 I used to say, you know, you'd have to find the needles in the haystack of what looks suspicious and then go fix what you find. And I had a client somewhat politely inform me that, he said, well, you're not really trying to find needles in a haystack. You're trying to find needles in the needle stack, because everything looks bad. I said, touché, exactly right.
1:38 So how do organizations do this today? And this is just table stakes, right? This isn't the modernization part of it. So the way everybody does this today is you start by collecting, normalizing, correlating, reporting and monitoring on logs. Right, and so we pull all that data together. There's lots of different sources that are being pulled in here, and we cross-reference and normalize and see what's going on.
2:02 Now, logs are just the starting point, though, because, of course, that's just looking at stuff that's already happened to somewhere out there. So where almost every organization then migrates is also looking at real-time network flow analytics. And some people even go as far as calling this network detection response, or NDR. So you can see that, for example, if you have a contractor, and your typical contractor downloads three confidential documents a week, and all of a sudden you have a contractor downloading 300 confidential documents, flow analytics allows you to get there and figure out that that's happening in real time.
2:40 And then most organizations then also go up to user behavior analytics, because that's where you then add in what actual people and what specific identities are doing, and are 95% of our problems coming from the actions of a single user, for example.
2:56 And then as IT is transforming, we essentially get into hybrid cloud. And this is the source of some of the physics issues that I was referring to, and I'll get to that in a moment now.
3:09 So once an organization works on being able to process all of these things for finding the needles in the needle stack, then of course, where we go is how do you actually respond to those threats? And unfortunately, most studies still show that the vast majority of organizations still have not defined and tested incident response playbooks or runbooks for the major events they're worried about. So I'm going to write the default state as a null set. I was a math minor in college and I like math symbols.
3:42 That means that most organizations are making up their incident response playbooks after something happens, and it doesn't take a social psychologist to point out that the worst time to come up with a collaborative plan is when everybody's running around pointing fingers at each other. So the way to improve that is first to grow awareness outside of just the cyber team that security really is everyone's job. And that's where things like cyber ranges come in really handy. And then ultimately, not only defining, but automating the incident response playbooks.
4:15 Okay. That's how the typical threat management organization works today, and what they seek to do is, how do we continually get more mature of how we're doing this. Okay, so that's just the way it exists today. However, when an organization is migrating to hybrid cloud and leveraging AI more, as I said, there's some physics issues that cause cybersecurity teams to have to modernize. And in threat management, the first of the two use cases I'm going to take you through, there are three ways that cyber teams are modernizing.
4:48 The first one is based on the stark reality, and it's amazing that nobody was really thinking about this until about a year and a half or two years ago, but all of our threat detection activities are generally reactive. What I mean by that is that all these different sources, right, coming into our detect, our generally SIEM technology, to do security analytics, is responding to signals of things happening to us right now.
5:15 So in other words, bluntly, we're not really looking for attackable surfaces until they're getting attacked, and then we're trying to find out as quick as possible what's going on.
5:26 So that obviously leads to the obvious question, which is, why don't we get proactive about looking for attackable surfaces and then protecting those surfaces before anyone does attack? So that's the first of the three trends in cyber modernization for threat management, is the fact that what we're realizing that we need to do now is not only do it the way we've been doing it, but we also need to identify the attack surface proactively. So we go from reactive only into proactive, and the term everybody's using these days is attack surface management, for the right reasons, right. And then lock down and protect the most attacked surfaces, starting with endpoints.
6:20 And of course, most organizations will have some kind of EDR tooling in place today. But what we're finding is there's some Achilles heels to most of those tools, such as the fact that the malware is getting smarter. And if it sees it's being watched, then what it will do is it won't fire, right, while it's being watched by the EDR tool. So what we see is the need for greater stealth, for example, running EDR as a hypervisor as opposed to in the operating system. And then this is one of many, many areas where AI is a huge plus because, for example, a lot of EDR tools essentially operate on signatures. And of course the malware is constantly evolving. And so if you add an AI engine, then you can actually detect new strains live and protect live, right?
7:08 So this ability to get proactive about finding the attack surface and about protecting the surfaces, not only endpoints, also transactions, devices and stuff like that, that is the first of three ways that cyber teams are modernizing the threat management. You have to get proactive.
7:28 The second way cyber teams are modernizing is literally following the lead of what IT and our Agile DevOps teams and organizations are doing, and that's building cyber on an open platform. Now what do I mean by that? So let me show you this, because this is actually pretty dramatic.
7:47 What I mean by that is that when you look at the typical cyber tools today, every cyber tool has functionality that, you know, you use to do this cool cyber protection stuff, whatever it happens to be. And then underneath that tool is some kind of built-in infrastructure that the vendor had to build in, you know, like a data store and stuff like that, so as you grow and perform and do more with it, it grows and performs with you. And so development shops have to not only build the functionality that you care about, but they also have to build and maintain that infrastructure code in each and every solution that you use. So when you think of the term technical debt, the typical organization has dozens of cyber tools that have this functionality you want and this infrastructure underneath that has to be improved and updated and stuff as usage grows, etc.
8:46 So what we realized a couple of years ago is that as organizations move to hybrid cloud and kind of have a greater focus, is that we should really be building new cyber functionality on top of the open platform of, of course, Docker and Kubernetes. In our case, of course, for us, starting with Red Hat OpenShift, since it's enterprise-grade Kubernetes, and being able to actually get rid of having to write that code underneath each app. And what it does is it frees development shops to innovate a lot faster, and what it allows our clients to do is that, when there's a new functionality coming in, instead of putting in another thing of technical debt, instead you just turn it on and off.
9:30 Microservices, right? Leveraging the scalable elastic platform underneath it. So open platform, building this stuff on an open platform, has become an absolutely huge thing, not only writing cyber as microservices running on Docker and Kubernetes, but also leveraging all other open standards, such as ClickHouse for the scalable elastic database underneath the solutions. Right? So that's the second way cyber teams are modernizing, is shifting towards microservices, which are just far easier to consume and far easier to innovate on faster.
10:08 Now that's the second one. So it's getting proactive and, secondly, moving to an open platform. And then the third one is kind of the, you know, icing on the cake. It's the big thing. And the big thing is that as cyber teams start modernizing by getting proactive and building on an open platform, then there is some net benefit, which is very measurable, to our security analysts. In particular, we see analyst acceleration, meaning security analysts are able to do things much faster than they've done before. And there's two particular innovations in the industry that we've helped spearhead that have had a dramatic impact. The first one is called federation, and the second one is a unified workflow.
11:03 What are these things? Well, remember I said at the beginning there's some physics problems as you move to hybrid cloud. Here's one of the fundamental ones, is that as your organization starts deploying workloads in one or more cloud providers, then obviously you're going to start generating cyber-relevant information in one or more clouds. And as you do that, of course, what everybody says is, I know what to do with that data. I'm going to go over here to the tech bubble and I'm just going to constantly pull that data into whatever, right, I'm using for SIEM to evaluate that stuff.
11:38 The problem there, of course, is twofold. Number one is that the cloud business model is to have you move more to it, not take off of it. So the cloud providers charge you an egress charge to pull that data off of the cloud, to pull it into your local tooling. And then, depending on what local tooling you're using, you have to pay an ingest charge, right, to ingest that data. So in essence, to do what we've done for the last 20 years in the cyber industry, which is pull everything into that one place, is that you're signing up for potentially a double tax that's only going to get larger and larger, right? I've heard CFOs say to CISOs in the past, you're not really thinking clearly. I'm not going to give you approval to do that.
12:21 And so what happens is, the physics of it is you start to do some unnatural acts. We see some clients that will say, well, I'm just not going to collect all that data because I don't want to pay that egress charge. Or they'll say, I'll pre-process on the cloud platform and then send it down. But then you lose a lot of the richness of the data that the SIEM tool, if it's a good one, right, can do a lot of analysis on. So that's causing a serious problem across the industry right now.
12:50 What federation means is federated search and federated investigation. When you see an indicator of compromise, what you're able to do is, instead of having to pull that data from the cloud, instead you can just query it. You don't have to move it, and then you do a real-time investigation. So your investigations are faster and you completely eliminate those, what were basically permanent taxes, the egress and ingest charges. And so that's federation. So that's one radical thing that is all about cyber modernization.
13:20 The second one is unified workflow. One of the things we discovered is that when you start doing federated investigations, you're able to actually build a workflow from proactive detection, confirmation, kicking off playbooks. You can do all that as a unified workflow. And because you're able to query what other tools are seeing instead of having to run around and check each tool for what they're seeing and something, you see it all on a single console. So you have a unified workflow and a unified GUI by which you can see what all the tools are saying.
13:52 All right. So that's the first of the two major parts of what we're going to share, cyber modernization and threat management. It's all about getting proactive about attack surface management and protection. Secondly is going to an open platform, so you shift from building technical debt constantly and having to integrate stuff all the time to just turning on and off microservices on an elastic platform. And then finally is we're able to literally accelerate how the analysts do their job through federation and unified workflow. So that's the first of the two.
14:26 Now let's talk about the second major area that is seeing big changes from cyber modernization, and that is data protection. You know, oftentimes in our conversations with cyber organizations, data security is always important, but it's usually kind of a 20% discussion, maybe 30%, and 60, 70 is under threat management. And we've seen a big change, in part because of increased regulations, in part because there's a lot of war stories out there, right, of data getting compromised across hybrid cloud and stuff like that.
15:06 So data protection, we're also seeing a massive change, because as organizations go to hybrid cloud, what it's doing is essentially accentuating problems that were already there. But we had figured out in the past, organizations had figured out in the past, how to put in compensating controls to address the problem. You know, a big example of this is that I've seen a couple of studies on what percentage of organizations are confident they know where all their sensitive data is in a hybrid cloud deployment. And the numbers that I've seen are between seven and 30% feel confident they know where all their sensitive data is. And my typical conversation with a, you know, CISO or a CISO is, whenever I share that statistic, they'll laugh and say, yeah, and that 7 to 30% are lying.
15:58 All right. We know it's an ongoing issue. So once you go to hybrid cloud, whereas you may have been able to put compensating controls before around data protection, it was all on prem. Once you go to hybrid cloud, you kind of lose that control, especially if you have agile DevOps teams putting out workloads sometimes you're not even fully aware of, right?
16:19 So what is happening there? Well, what we're seeing is the way cyber teams are modernizing their data protection is by focusing on a discrete set of controls that allow them to do the following: how do you make sure that only the right users have only the right access to only the right data for only the right reason?
16:53 In all the projects that we're doing with clients, what we're seeing is that there is a coordinated set of controls for hybrid cloud data protection, with some cool innovation that I'm going to share with you here, of making sure that you have both the IAM, the identity and access management system, as well as the data protection beyond it, all working together to do this well.
17:17 So let me take you briefly through what are the controls that we see most organizations focused on, and what are the innovations that are essentially the modernized way of doing data protection. So first of all, how do you make sure that only the right users can come in? What everybody starts with is governance, identity governance, who has access to what? Because, look, if you don't know who has access to what, I can't do anything else, right?
17:39 The second thing that we see everybody focused on right now is privileged account management. You know, somehow, 20 years after Sarbanes-Oxley, this is still a major problem, but it comes from the fact that PAM is not simple. The technologies are really good out there to do it, but getting the processes and getting a whole organization to work together well to implement it across the board has always been a tough out. And so the typical shop we walk into will have some privileged account management but spotty deployment. But now that we're seeing, like, cyber insurance providers, a lot of them now will not reissue or renew a policy if you don't have PAM across the board, that's driving a ton of the attention here. Right. And then ultimately, where you want to get to here is identity analytics. And what this means is it's kind of like an identity posture thing. You say who has access to what, but does that really make sense? Right? So we see a lot of activity of focusing on controls to be able to do this.
18:41 Then the next thing is, I'm letting the right users in, how to make sure they only get the right access. Of course, I mean, for 20-plus years, right, the whole idea of access management has been fundamental and continues to be in the industry. But the white-hot piece for modernizing this part of it is what a lot of people are calling adaptive access. And what is adaptive access? It essentially is multifactor authentication, MFA, on steroids, right? What do I mean by that?
19:15 So typical MFA tool: Bob's on the same laptop, configured in the same way, from the same location that has connected to me the last 250 times. So when he comes in for the 251st time, that sounds like a low-risk thing. However, if you pull in a lot of fraud detection algorithms that have been developed over the years, especially in the financial services industry, you can detect that, well, you know, but if you look at Bob's typing rate and his error rate in his typing, you know, Bob, that might not be Bob, we need to do some quick, you know, step-up authentication. So adaptive access is all about essentially advanced ways of applying MFA, so you start looking behaviorally at what's going on out there in real time. And so that's really cool.
20:05 Then once we've got the right users getting the right access, then we get to the right data, and remember the seven to 30%, are they lying? They actually are confident they know where all their sensitive data is. There's three pieces that have gotten white hot very quickly here. The first, which has been around a while, is how do you identify sensitive data across a hybrid cloud environment? Right? So it's discovery and classification, but it's doing it consistently, including reaching into not only on-prem and hybrid cloud environments, but also into cloud-native apps.
20:49 This has been a blind spot for everybody for a while. It's how do you detect if someone's taken a copy, because they had legitimate access to a piece of sensitive data, but then they put it, for example, in a Slack message and send it to some people who weren't supposed to have access to it. Nobody's had visibility to that. So the ability to do identification of sensitive data, even into SaaS apps, has become huge.
21:12 And then the second piece, which has also gotten huge very quickly, is posture. What does this mean? What does data security posture mean? There's a new term that's being bandied about a lot, and rightfully so, called DSPM, data security posture management. And what DSPM is all about is, not only do I know where the sensitive data is, but then who can access that data, regardless if they're accessing it yet, who can actually look at that data? And does that make sense? And then third is who's actually looking at it. So once again, find the sensitive data anywhere, including in apps. Look at who can get access to it, the posture, essentially, is that good or bad or do we have to make changes, and then who's actually looking at it. So this whole idea of data security posture management once again has gotten hot very, very quickly, for obvious reasons.
22:07 And then once you find it, you've got to protect it. All right. So let's protect that sensitive data. That includes data-level access control. It includes data encryption, of course. Right. Etc., etc. So being able to do this one, this one is so white hot right now, it's not even funny. So that's a huge one.
22:32 And then let's get to the last piece. Make sure the right users get only the right access to only data for only the right reason. What does that mean?
22:41 Well, I've seen for decades, I've been doing cyber for almost three decades now, and as I've worked with clients on this, everybody would like to look at access to sensitive data over long periods of time, but most don't, because it takes a lot of storage space and they don't have the algorithms really to check it. But looking at access to sensitive data over a long period of time has always been something that people have wanted to do and yet few do. And so I'm going to start with another null set here, because few people do this.
23:13 What we see people wanting to do is look at things like, how can I detect insider threat activity by looking at what's happening with access to sensitive data? And then ultimately, because we're seeing this acute problem in most shops with increasing regs, the amount of time that the teams are having to spend to prove compliance, adherence to regulations, is starting to get out of control in some places. And so not only being able to detect things like insider threat, but then also being able to automatically generate compliance reporting and stuff like that. Right. So that has become a big deal.
23:51 So this is what's happening out there on modernizing data protection. It's around getting our act together on identity management better. It's getting into looking at the data security posture, not only protecting it, but also including that, obviously, and then looking at access to sensitive data over long periods of time, so you can find things that, frankly, you missed the first time.
24:15 Okay. So at IBM, we have been investing around addressing this stuff for three or four years, because we saw this coming, right, IBM as a hybrid cloud and AI company. So not only how are we addressing the hybrid cloud stuff that comes up, but we're also infusing AI, right?
24:38 We made our major announcement of our watsonx platform, and we are infusing AI across almost every piece that you see up here in our technologies that we've done to do this. So that's what we're seeing happening to cybersecurity programs, how they're really being driven to modernize as the organizations around them are modernizing the hybrid cloud and leveraging AI much more.
25:01 So it's modernizing how we do threat management, getting proactive about finding the attack surface and protecting the surfaces rather than wait till someone attacks them. And then secondly is moving to an open platform, so you get all the advantages of innovation and integration and scalability and performance, and then ultimately enable your security analysts to accelerate what they do through federated search and investigation, as well as a unified workflow.
25:30 And then on data protection, making sure that you have an integrated view of both identity and access management, as well as data security, including proactively and constantly identifying, discovering the sensitive data, checking its posture, who can get access to it? Does it make sense? Who's accessing it? Does it make sense? Right. Protecting that data through encryption and data-level access control, etc. And then also looking at data usage over long periods of time to be able to detect problems like insider threat, and ultimately being able to automate compliance reporting as much as possible, so our teams aren't just stuck on that all the time.
26:08 That's what's going on with cyber today. That's something that we're very passionate about, that we've invested a lot in to address. And so thank you for your time. If you like this video and want to see more like it, please like and subscribe. If you have questions, please drop them in the comments below.
34:11 So what I'm going to close with is just show you a quick mapping 34:14 of what we're actually doing across these things. 34:18 So what we've done for proactive 34:21 identification of the attack surface is we acquired about a year and a half ago 34:26 a company called Randori out of Cambridge, Massachusetts. 34:31 They were the leader in the very young, 34:34 fresh space of attack surface management, and Randori 34:38 is now part of us. For protect, for endpoint management, 34:42 we went out and find this and 34:44 found this incredibly innovative company called ReaQta about two years ago, 34:48 out of the Netherlands, and we now call that QRadar EDR, 34:56 and that is an incredible tool 34:58 that does run as a hypervisor and has an AI engine attached to it. 35:03 And so it addresses the Achilles heels that I mentioned 35:05 that a lot of EDR tools out there. For detect and respond, 35:09 most people are well aware of our QRadar platform, and this is our QRadar SIEM 35:19 and QRadar SOAR, 35:24 and most people are also aware 35:25 that we have a credible cyber range 35:29 that help that, you know, hundreds of clients have used 35:33 to help the organization all realize that, yes, cyber is everybody's job 35:37 and how do we work together better. For the open platform, 35:41 we have gone all in on this and we announced something 35:44 just recently called QRadar Log Insights. 35:48 And what QRadar Log Insights gives us 35:52 is essentially going to open standards, 35:56 open source for the back end for our capabilities based on ClickHouse. 36:01 Right. 36:01 And one of the, if not the, leading elastic databases that's cloud native. 36:06 And so we're essentially providing the ability to have this elastic back end. 36:11 So the discussion around having to build infrastructure in our solutions, 36:14 which is used as the infrastructure, right? 36:17 So very powerful.
36:18 And then this analyst acceleration piece, this federated search and investigation, 36:23 as well as a unified workflow, we announced just recently our QRadar 36:27 Suite, which gives us the ability to do those things. 36:32 And to be honest with you, 36:33 we've actually had the federated support for a couple of years now. 36:37 It's just people are realizing 36:38 how powerful it is of getting rid of those egress charges and stuff like that. 36:42 So that's the threat management side of things. 36:44 And then on the data protection side of things, for user 36:48 and access management, that of course is our Verify portfolio. 36:56 And we also 36:57 have our zSecure portfolio extending that to the mainframe. 37:00 So we also have that. 37:02 And then for data protection, for identifying the data, 37:07 for doing the posture management and then actually protecting the data, 37:10 it is our Guardium platform. 37:15 We have Guardium 37:16 Data Protection, we have Guardium Data Encryption, 37:21 number one product in the market, and then we also, 37:25 for the posture management, just announced just recently 37:28 our acquisition of an Israeli company called Polar Security. 37:32 So Polar gives us the ability to do that posture management that I mentioned, 37:38 the three layers of it, including seeing the data in the SaaS apps, 37:43 incredibly powerful, a great addition for us. 37:46 And then the final piece of being able to look at sensitive data 37:50 access over long periods of time and seeing trends, etc. 37:53 That is our cloud native extension to Guardium, that's called Guardium Insights, 38:00 and that 38:01 includes the Polar capability as well. 38:05 That helps as well. 38:06 And you'll see us integrate that stuff together. 38:08 So that's what's going on with cyber, cyber modernization. 38:12 As organizations are going to hybrid cloud and leveraging AI 38:15 more, it's causing those physics, such as those egress 38:18 charges and stuff, that we in the cyber space have to adapt to.
38:22 And what we've done in IBM Security have been investing for several years now 38:26 to allow you to do those things, to ultimately deliver that increased value 38:30 of being able to get the analyst to do their job much better as being 38:34 able to innovate for you far