Insights / Blog / Thoughts on IBM Think and Cybersecurity
February 15, 2019

Thoughts on IBM Think and Cybersecurity

Jon Oltsik
Analyst Emeritus, Cybersecurity Strategies

Market Topics

Cybersecurity

GettyImages-641199986I just got back from attending IBM Think in San Francisco. Though it was a quick trip across the country, I was inundated with IBM’s vision, covering topics from A (i.e., artificial intelligence) to Z (i.e., System Z) and everything in between. 

Despite the wide-ranging discussion, IBM’s main focus was on three areas: 1) Hybrid cloud, 2) Advanced analytics, and 3) Security. For example, IBM’s hybrid cloud discussion centered on digital transformation and leaned heavily on its Red Hat acquisition, while advanced analytics included artificial intelligence, cognitive computing (Watson), neural networks, etc. To demonstrate its capabilities in these areas, IBM paraded out customers like Geico, Hyundai Credit Corporation, and Santander Bank, who are betting on IBM for game-changing digital transformation projects.

 As for cybersecurity, here are a few of my takeaways:

  1. Not surprisingly, IBM is all-in on cybersecurity services which now account for more than 50% of its cybersecurity revenue. According to ESG research (and lots of other industry sources), cybersecurity services growth will continue to outpace products due to the global cybersecurity skills shortage. IBM is banking on this trend by adding staff, investing in back-end systems and processes, and rolling out new service offerings. For example, IBM is working with partners on a managed services program where local partners benefit from IBM’s global resources, analytics, and threat intelligence. Overall, IBM has a unique opportunity to separate itself from the pack and could become the de facto enterprise cybersecurity services leader.
  2. Most cybersecurity professionals think of IBM QRadar as a SIEM, competing with the likes of ArcSight, LogRhythm, and Splunk. While this perspective is true, it minimizes its value. QRadar is really a security operations and analytics platform architecture (SOAPA). Customers can use QRadar as a security operations nexus, adding functionality like network traffic analysis (NTA), vulnerability management (VM), and user behavior analytics (UBA) to the core system. What’s more, QRadar offers several helper applications like DNS analytics, most of which are free. Finally, QRadar has thousands of customers around the world. IBM has some work ahead here – it needs to gain cybersecurity street cred by marketing QRadar as a SOAPA offering and global cybersecurity community, rather than a plain old SIEM.
  3. IBM is embracing security “from the cloud.” For example, QRadar on cloud (QROC) revenue grew over 20%, demonstrating that customers want the value of QRadar without the infrastructure baggage of on-premises collectors, databases, servers, etc. IBM is also poised to roll out its IBM Security Connected (ICS) platform in Q2. In keeping with its minimalist communications, IBM hasn’t trumpeted the ICS initiative but in my humble opinion, it represents a major change in direction. For ICS, IBM rewrote its security applications as microservices to build a foundation of cloud integration and scale. Thus, ICS applications will grow from discrete SaaS offerings to an integrated cloud-scale cybersecurity architecture over time. Oh, and ICS will come with lots of services options for everything from staff augmentation to outsourcing. ICS has the potential to be a big deal for overwhelmed CISOs with global responsibilities and the need for massive cybersecurity scale.
  4. Resilient is an enterprise-class security operations platform. When IBM acquired Resilient Systems a few years ago, it gained a technology leader but sort of ceded the SOAR buzz to other vendors. This is a shame. Resilient may require a bit more work than some of its competitors, but I find that customers are using Resilient to re-architect their security operations processes and establish real and measurable security operations metrics. To me, this is where security operations platforms must go – beyond quick automation and orchestration wins to anchoring security process re-engineering.

IBM’s security portfolio is pretty solid, and the company seems to be more energized than in the past. After attending IBM Think, I do have a few cybersecurity recommendations for folks in Armonk and Cambridge, MA:

  1. While IBM Think has a strong hybrid cloud theme, the IBM security hybrid cloud story remains disjointed – an identity story here, a data security story there, etc. This leads to IBM being outflanked by cloud-savvy security startups. IBM needs a cohesive tightly integrated product offering and messaging framework here.
  2. IBM’s risk management services are solid but somewhat hidden. According to recent ESG research, there is a growing cyber risk management gap between what business executives need and what cybersecurity professionals can deliver. Given its industry knowledge and relationships, IBM should be doing more in the cyber risk management space – at the product and services level.
  3. Closely related to #2, cybersecurity is truly a boardroom-level issue – especially for traditional IBM customers. I find that there is a disconnect between IBM’s corporate focus on digital transformation, industry solutions, and hybrid clouds and its cybersecurity go-to-market, which remains centered within the bits-and-bytes. Again, IBM is in a unique position to figure out a more top-down approach (i.e., from the business down to the technology) and deliver business-centric cybersecurity solutions to customers.
  4. IBM spent millions of dollars on a Watson for cybersecurity advertising campaign, but few cybersecurity professionals have a clue about what Watson for cybersecurity is. The suits in Armonk should pump the advertising brakes and dedicate more toward market education by working with professional organizations like ISSA, ISC2, SANS, the Infosec Institute, etc.

In general, Armonk must understand that the IBM brand is a marketing obstacle when competing for mindshare with the likes of vendors like CrowdStrike, FireEye, Palo Alto Networks, etc. Thus, IBM security must work harder and smarter to get the word out. 

Many thanks to IBM for hosting me in San Francisco this week. I’ll be back at the Moscone Center for RSA in the blink of an eye. 

Unparalleled insights from analysts with an "insider" perspective

From strategy and product development to competitive insights and content creation, we deliver high-quality, actionable support services.