Security Analytics in IoT
NEWS
Security analytics have become an almost indispensable option for IoT intelligence operations, transcending the boundaries of digital security operations and finding direct applications in the deployment, management, and even monetization of IoT assets. One of the many insights gathered after multiple rounds of research interviews with both security vendors and IoT players was de-siloing security operations, a vital, albeit somewhat elusive, trait for many organizations.
Although it may sound counter-intuitive, intelligence gathered from different applications, systems, or even devices is often not pooled in an efficient manner. Data aggregation is sub-optimal at best, and only approximately 7–13% of data gathered from edge devices actually makes it to intelligence operations. The true scope of security analytics and the concept of de-siloing intelligence can be observed in high-tier organizations, of which IBM is one of the most prominent.
IBM's Watson and De-Siloing Intelligence
IMPACT
IBM is an innovative vendor exhibiting an IoT security service archetype which, in short, can be described as “all roads lead to Watson.” As one of the leading global cloud intelligence powerhouses, IBM offers a breadth of IoT security and management services as part of its Watson IoT platform. Watson is IBM’s flagship service, providing intelligent processing for a host of markets worldwide (from healthcare, to retail, to weather systems), including IoT and cybersecurity operations. It also powers other prominent IoT tools such as X-Force Red, an IoT-focused security service geared toward connectivity protection and next-gen IoT penetration testing; IBM Maximo, which leverages Watson’s advanced analytics components to provide a monitoring solution; and the IBM Marketplace, which offers IoT security and management tools. The firm’s solutions offered in the IBM Marketplace feature everything from lifecycle management, infrastructure, middleware, and VMs (virtual machines) to crypto-processing, HSMs (hardware security modules), cloud ID authentication, and endpoint management and protection.
The firm has also positioned itself alongside strong strategic partners, greatly extending cybersecurity service offerings and gaining a multifaceted perspective on IoT security operations. These include security orchestration, exchanging cyber-threat and network telemetry with Cisco; unified endpoint management and data protection with Wandera; AI/ML data lakes, cloud workload, and infrastructure efficiency with VMware; and SIEM-based integrations with Tenable and CrowdStrike, among many other firms and security industry alliances.
What IBM does very well is tackling the IoT security perspective through sheer IT strength, de-siloing intelligence, positioning in key operations (orchestration, SIEM, ID endpoint management, cloud architecture flexibility, etc.) and powerful partnerships across IT environments, and that is the key term: IT. However, IoT security revolves around many other crucial aspects across key industries (particularly OT environments like industrial and healthcare), and a plethora of non-IT communication protocols (e.g., LPWA and cellular). In response, in early-to-mid 2020 IBM also unveiled a vital OT-focused umbrella service with the prospect of enhancing OT data gathering from ICS (industrial control systems), sensors, devices, and SCADA (supervisory control and data acquisition) operations, targeting security during the rapidly unfolding digitization of the industrial market.
Centralized Intelligence Archetype
RECOMMENDATIONS
ABI Research suggests the following key recommendations in order to realize de-siloing security intelligence operations:
- First, de-silo analytics and intelligence operations across the board, allowing AI tools to learn, adapt, and evolve from one another and from successful (as well as unsuccessful) client operations.
- Second, centralize all intelligence processing in a streamlined manner that allows easy exchange of information and boosts intelligence development across all tools.
- Third, this centralization should not hinder data management or algorithm adjustments, but it should take into account the proper data anonymization protocols for any data gathered by customer networks.
Analytics products can draw information from other security products located on-premises, incorporate data from online databases and other cloud-based sources (including information from cloud vendors supporting any type of infrastructure, or through the developing company’s repository), or simply tap into the implementer’s network, drawing data straight from the source in order to become “accustomed” to a particular network (i.e., customized and targeted machine learning processes, establishing a normalized behavioral pattern, accounting for the specific nature and interaction between users, devices, and servers, etc.).
This centralized intelligence archetype for IoT security services is expected to become increasingly popular over time among many IoT contenders and security vendors. However, few companies exemplify this notion as prominently as IBM, where almost every single product, tool, and service (no matter its IaaS/PaaS/SaaS function) is linked back to both learn from and reinforce its core intelligence operations.