IBM’s Cyber Range: Real World Training for Online Threat Response

By Charles King. Pund-IT, Inc.  December 14, 2016

It’s easy enough to see why cyber criminals do what they do. Like generations of past miscreants, they, to paraphrase legendary bank robber Willie Sutton, pursue crime online because that’s where the valuables are.

For some, that means hacking corporate databases for user credentials and intellectual property that can be hawked on the dark web. For others, the Internet offers a pathway for installing ransomware and demanding payment for its removal. Still others steal information that can be used for competitive or political gain, including nation states that game elections for preferred candidates.

If cybercriminal inspiration and intent are so easy to deduce, why do people have such a hard time responding to online threats and defending themselves? That’s a question with no single answer. Instead, organizations face a variety of factors, including:

  • Highly organized and financed cybercriminals who are constantly exploring new attack vectors and evolving new strategies;
  • Employee and work group endpoints that are continually being replaced, making them difficult or impossible to manage effectively;
  • Aging heterogeneous internal systems that can defy comprehensive security solutions;
  • Regulatory requirements that vary from region to region, country to country and state to state, and touch virtually every member of and process in a company’s value chain; and
  • A security industry that is often deeply fragmented, making it difficult for businesses to determine optimal services and solutions.

In essence, security is a three-dimensional issue touching technical, intelligence, business, legal and compliance functions, thus confounding or defeating highly specialized solutions.

Given these challenges, what can organizations do? IBM Security believes it has the answer and is investing the financial and human capital necessary to bring its vision to life.

IBM’s Cyber Range

Earlier this year, IBM Security announced plans for a $200 million expansion of its incident response capabilities. That included a new, recently opened global headquarters in Cambridge, Massachusetts that features the industry’s first physical Cyber Range.

What is a Cyber Range exactly? Think of it as a “flight simulator” where IBM customers can learn to experience and defeat cyberattacks. As the company noted in its announcement, the Cyber Range, “Uses live malware, ransomware and other real-world hacker tools culled from the dark web to deliver realistic cyberattack experiences.”

Leveraging an air-gapped network, the Cyber Range supports a fictitious corporation that consists of one petabyte of information, 3,000+ users and a simulated version of the Internet that can be subjected to simulated attacks. Participating IBM clients use the fictional environment to defend against and shut down cyberattacks.

Why is that important? For the same reason that professional pilots use simulators to train for encounters with challenging, hazardous, even catastrophic events. At the end of the day, it’s far better for IT professionals to have a taste of what’s coming when their organizations are attacked rather than learning “on the fly” during confusing, destructive and expensive real events.

That should make IBM Security’s Cyber Range a necessity for organizations actively preparing for the worst that cybercriminals have to offer.

X-Force expansion

While fascinating on its own, the Cyber Range wasn’t the only element featured in the announcement. Along with its new Cambridge headquarters, IBM Security also launched the IBM X-Force Command Center Atlanta, a security operations center that has been upgraded to handle a 75% increase in capacity, to over 35 billion security events per day.

IBM also expanded the capacity of its X-Force Command Centers in Bangalore and Poland, complementing previously modernized IBM centers in Costa Rica and Tokyo. Together, those facilities help protect IBM clients by bringing in 200,000 new pieces of threat intelligence daily via analyzing over 100 million web pages and images, and collecting data from 270 million endpoints.

Finally, IBM announced a new incident response and intelligence consulting team called IBM X-Force IRIS, which includes over 100 elite cybersecurity consultants worldwide with deep expertise in incident response and threat intelligence. Led by Wendi Whitmore, who has deep expertise in investigating computer crime and managing incident response services, the X-Force IRIS team includes security consultants whose experiences span retail, political and international banking networks. Many X-Force IRIS members worked with federal law enforcement and intelligence agencies, where the intelligence collection and analysis capabilities they built are still in use.

Final analysis

What can we take away from all this? First and foremost, that IBM is committed to investing in and delivering services that can help clients ensure the security of their organizations, even as the dangers from cyber threats continue to grow. However, rather than creating simple point products, as do so many other security vendors, IBM is committed to providing solutions that support and answer the cross-functional requirements of its enterprise clients.

That is apparent in the company’s new Cyber Range and X-Force IRIS team, as well as its new and updated X-Force Command Centers. It also includes strategic acquisitions, like Resilient Systems and QRadar, which have substantially increased IBM’s incident response capabilities.

The results have been good for the 4,500 clients in 133 countries that utilize IBM’s security services and solutions, and good for the company’s bottom line. Along with being a key strategic imperative, IBM Security has delivered consistent double-digit growth since its formation, including a reported $2B in FY 2015.

Overall, this recent announcement demonstrates that IBM Security deeply understands the challenges that enterprises face from ruthlessly well-organized, well-financed cyber criminals, and is investing in the tools and services customers need to understand and respond to cyber threats.

© 2016 Pund-IT, Inc. All rights reserved.