How IBM Helps Organizations to Improve Security with Incident Response

Protecting organizations against cyber-security threats isn't just about prevention; it's also about incident response. There are many different organizations that provide these security capabilities, including IBM X-Force Incident Response and Intelligence Services (IRIS), which is led by Wendi Whitmore.

In the attached video interview, Whitmore explains how incident response works and how she helps organizations to define a winning strategy. Succeeding at incident response, in Whitmore's view, shouldn't be focused just on prevention but on building a resilient environment.

"The win is not that an attacker will never come back to the organization, it's about how you build a resilient enough environment where you have layers of detection, that we can alert on in the future," Whitmore said.

Whitmore said that IBM X-Force IRIS talks about the 'win' in terms of decreasing the timeframe it takes to detect malicious activities, respond to attacks and then ultimately to mitigate or prevent attacks. By being able to rapidly identify and respond to threats, the goal is to make it harder for attackers to be successful.

Working with Incident Response

When an initial call comes into IBM X-Force IRIS about a security incident, Whitmore said that typically there is a lot of chaos at the targeted organization. She said that the first questions that are usually asked by IBM X-Force IRIS are about getting an understanding of what the victim organization knows and what actions have already been taken.

"We're really looking to bring some calm to the situation," Whitmore said.

Managing expectations is a key challenge that faces Whitmore and her team, as those that have suffered an incident tend to want answers quickly. IBM X-Force IRIS deals with different groups of people within organizations that have suffered a cyber-security incident, including IT security staff and executive management. Whitmore added that part of incident response involves preparing senior executives so they can brief a board of directors and communicate with the media as well.

Figuring out who is behind an attack is not an easy task in the aftermath of a cyber-security incident.

Whitmore explained that attribution isn't just about assigning blame; rather, it's also about figuring out how to help better protect an organization against the next attack. She said that IBM X-Force IRIS looks at the most technical level possible to understand which data points it has and how they relate to attribution. She said that part of the process is to provide clients with an impact analysis, such that if data was stolen, the organization will understand where the data went and how it could impact the business moving forward.

"It's (attribution) also important from the perspective of understanding the intent of the attacker and what their next steps might be, so you can effectively defend against those steps," she said.

Watch the full video interview with Wendi Whitmore, Global Partner and Lead, IBM X-Force Incident Response and Intelligence Services (IRIS), above.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.