Harnessing the power of cognitive security
Wimbledon relies on IBM to provide not only the technology infrastructure that differentiates its brand in the world of sports but also the IT security measures that help protect it. While the staff at the AELTC and the fans focused on the courts, the IBM cognitive security operations center (SOC) focused on safeguarding the tournament’s website.
“Although we spend a year in planning for Wimbledon, we really only have two weeks to get it right, when we are the focus of millions of people,” comments Alexandra Willis. “A security breach during those two weeks would be really damaging to the Wimbledon brand. And because Wimbledon is so much a part of the fabric of British identity, a successful attack could be perceived as more than just targeting a tennis event.”
The key word here is “successful.” Martin Borrett, IBM Distinguished Engineer and Chief Technology Officer for IBM Europe, notes: “We saw nearly 200 million security events over the course of the tournament. Wimbledon trusts IBM Security and our cloud to detect and block the real threats.”
The Wimbledon website is protected by multiple security products, at the core of which is IBM® QRadar® SIEM, a security intelligence platform that brings together data from literally thousands of endpoints and devices across the infrastructure, correlates it and helps the security team prioritize and identify the threats they are facing.
For Wimbledon 2017, IBM Security added Watson™ for Cyber Security, bringing a new set of cognitive capabilities that allow the security team to manage threats faster and far more effectively. IBM QRadar Advisor with Watson addresses a key issue facing security operations today: the volume of security incidents and available threat data far exceeds the capacity of even the most skilled security professional.
With QRadar Advisor with Watson, an analyst is provided with a description of the threat and a recommended set of actions based on Watson’s analysis of the threat. Watson’s great skill isn’t the ability to comb through huge amounts of information (though it does that too); it’s the ability to contextualize that information by combining structured data, such as specific security events, with unstructured data like white papers, research reports and blog posts.
“Where it might have taken 60 minutes to analyze a security threat, with help from Watson an analyst can do it in just a minute. That 60x increase in speed translates into being able to tackle a fivefold volume of incidents and alerts,” Martin Borrett explains.
“So it helps the team bridge gaps in expertise and resources to deal with the ever-increasing volume of threats we see year over year. Tackling those and understanding which are the real threats that could be harmful and which are the false positives that can be safely ignored is a huge challenge.”
Assistance from Watson helps position the team to address the evolving threat landscape. Attacks have become more sophisticated as hackers collaborate across geographies and use increasingly advanced infrastructure and techniques. For example, Martin Borrett notes, “This year we noticed a ‘low and slow’ coordinated attack. It began with a kind of distributed denial of service attack that actually wasn’t an attempt to disrupt the website. It was a distraction and a cover-up of the real threat. That’s something we’ve not seen before.”
Protecting the Wimbledon brand
“Our ambition has always been that the experience of Wimbledon embodies this idea of tennis in an English garden. So it’s a beautiful experience, like a swan floating across a lake,” says Alexandra Willis. “But what you don’t see is all the activity that’s going on underneath—in our case, the teams that IBM provides us with that the public doesn’t ever know about.”
With IBM focused on operating and protecting Wimbledon’s digital properties, the Wimbledon team is free to focus on the courts, not the cloud—putting on the world-class tennis experience that stands behind the Wimbledon brand. Behind the scenes, cognitive security, IBM technology and the security specialists who monitor and manage the daily deluge of events, incidents and attacks combine to keep the personal data of Wimbledon fans out of the hands of hackers.
Alexandra Willis comments: “The most important thing in working with any partner is having trust. Wimbledon and IBM have been partners for more than 25 years, and we have built up a considerable amount of trust.
“Thankfully we haven’t had a major challenge in the security area over those 25-plus years, which is fundamental proof that IBM is offering us a good service—particularly in the context of today’s day and age when hacks and security breaches are common. We read about them in the paper often, so it’s even more important to know that that trust is there and that resilience is there if ever a problem should arise.”