October 22, 2024 • 40 mins
In this episode of Smart Talks with IBM, Malcolm Gladwell speaks with Jason Kelley, GM, Strategic Partners and Ecosystems at IBM, and Kristy Friedrichs, SVP and Chief Partnership Officer at Palo Alto Networks. They discuss the challenges and opportunities that the rapid development of AI brings to the cybersecurity space. Jason and Kristy also underscore how implementing a zero trust strategy can help enterprises enhance cyber resiliency and simplify operations. Together, IBM and Palo Alto Networks are delivering fully integrated, open, end-to-end security solutions to enterprises.
This is a paid advertisement from IBM. The conversations on this podcast don't necessarily represent IBM's positions, strategies or opinions.
Visit us at https://ibm.com/smarttalks
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:04):
Welcome to tech Stuff, a production from iHeartRadio. This season
on smart Talks with IBM, Malcolm Gladwell and team are
diving into the transformative world of artificial intelligence with a
fresh perspective on the concept of open What does open
(00:24):
really mean in the context of AI. It can mean
open source code or open data, but it also encompasses
fostering an ecosystem of ideas, ensuring diverse perspectives are heard,
and enabling new levels of transparency. Join hosts from your
favorite Pushkin podcasts as they explore how openness and AI
is reshaping industries, driving innovation, and redefining what's possible. You'll
(00:49):
hear from industry experts and leaders about the implications and
possibilities of open AI, and of course, Malcolm Gladwell will
be there to guide you through the season with his
unique insights. Look out for new episodes of Smart Talks
every other week on the iHeartRadio app, Apple Podcasts, or
wherever you get your podcasts, and learn more at IBM
dot com slash smart Talks.
Speaker 2 (01:14):
Hello, Hello, Welcome to Smart Talks with IBM, a podcast
from Pushkin Industries, iHeartRadio and IBM. I'm Malcolm Glappwell. This season,
we're diving back into the world of artificial intelligence, but
with a focus on the powerful concept of open its possibilities, implications,
and misconceptions. We'll look at openness from a variety of
(01:37):
angles and explore how the concept is already reshaping industries,
ways of doing business and our very notion of what's possible.
On today's episode, I'm joined by Jason Kelly, the global
Managing Partner for IBM Strategic Partners and Ecosystems, and by
Christy Fredericks, the Senior Vice president and Chief Partnership Officer
(01:59):
at Polowa Networks. We discussed how their partnership in the
cybersecurity space helps strengthen enterprises by focusing on seamless cybersecurity
solutions tailored to meet the evolving threat landscape. By leveraging
AI and automation, this collaboration aims to modernize security programs,
(02:20):
improve response times, and produce risks. Jason and Christy both
bring a tremendous amount of experience and expertise to the subject.
I think you're really going to enjoy this one, Jason, Christy,
(02:45):
Welcome to Smart Talks with IBM. Thank you for joining me.
Speaker 3 (02:48):
Thank you.
Speaker 4 (02:49):
It's great to be here.
Speaker 2 (02:50):
We are here to discuss cybersecurity and the partnership between
IBM and Palo Alto Networks. But before we get there,
I wanted you guys to tell me a little bit
out yourself. Jason, let's start with you. I see on
your resume west Point, which makes we think there's some
interesting things going on there. How did you get to
(03:11):
west Point?
Speaker 3 (03:12):
West Point? West Point was the decision. First, it was
it was affordable back in the day. But I had
a sense of service. My father was a World War
Two vet, so I grew up on the weekends watching
World War two video. You know, he's army as well. Yeah,
and so I thought, oh, that'd be exciting, and I
thought I do some type of service. Went there and
(03:35):
now I have the biggest family, extended family I could
ever have. So it was very exciting. Played football lucked out,
meaning I wasn't recruited. I walked on and that kept
me there because it gave me something and outlet with
all the other pressures. Defensive back I was. I was
great at knocking the ball down, not the best at
(03:55):
catching it.
Speaker 2 (03:55):
Yeah, and then you were a ranger I was.
Speaker 3 (04:00):
I was privileged to be a US Army airborne ranger station,
but did most of my time in northern Italy. We're
part of the eighty second Airbarnship Post. Oh yeah, that's
what people say, seriously, like, you know, you were you
were northern, you were drinking wine and having bred, you know.
But it was a part of a NATO force there
at the time. Yeah, so exciting.
Speaker 2 (04:22):
How did you get from there to IBM?
Speaker 3 (04:26):
A long path. As I came out of the military,
I started manufacturing retail housing and did a quick stint,
took a leave of absence from industry, and did a
stint of yet again public service in the state of
Tennessee with economic development and got a whiff of how
(04:48):
fun it could be to do things around data and media.
Started a small media firm what we would now call
a digital firm, sold it and said I wanted to
go do it again somewhere, but I want to go
to a big company. And the family at IBM brought
me in and yet to let me go.
Speaker 2 (05:07):
That was how many years ago?
Speaker 3 (05:10):
Two decades? Oh wow, So I know I look amazingly young, but.
Speaker 2 (05:14):
Yes, because you must have.
Speaker 3 (05:17):
And IBM was my fifth career and and and I've
I've enjoyed it since and that's what I what I
do there, build teams, grow new parts of the company,
and get to work with some of the most brilliant
people on the face of the planet, as well as
partners like like Christy that just keep it exciting.
Speaker 2 (05:33):
Christy, you're I was delighted to learn that you are Canadian?
Yes here, yeah? But you so you were a consultant
for a long time a Bane Yes.
Speaker 4 (05:44):
Yeah. I joined Baine Consulting intending to spend a couple
of years there learn the ropes and then go get
my first real job. But the value personally to my
growth and development, and then that we were able to
bring our clients. I ended up there for sixteen years
and then post Bane went onto another my first product company,
a new relic, and then it's come full circle at
(06:05):
Polota Networks. But at Bain it was all about bringing
expertise across different industries to help our clients improve whatever
they needed to improve and bringing that expertise to bear.
And then you have the product lens and you think, Okay,
we're going to build the absolute best product to help
our customers do what they need to get done, and
then I joined pal Alto about six seven months ago
(06:26):
in a partnerships role and I'm delighted to be able
to work with amazing consulting companies like IBM where we
bring both to bear.
Speaker 2 (06:33):
How long have IBM and Palo Alto Network's been partners?
Speaker 3 (06:37):
So we've been We've been working together for quite quite
a long time, but we made it official, meaning we
got married as strategic partners last year.
Speaker 2 (06:46):
Oh I see. So what is it that each of
you bring to the table? What's each side special?
Speaker 3 (06:51):
So it's great that you asked that because about a
decade ago, are now CEO Arvin Christ says, you know,
it wouldn't be great if we has had this one
focus with what does IBM do and you have this
whole list, and he says, let's make it simple. We
are a multi cloud, hybrid cloud AI company. And so
when you say that, it sounds very simple. But then people,
(07:14):
what the hell is that? What your hybrid cloud? Well,
both of those two things have a lot of data involved,
and a lot of those mean that that data is
going to sit in multiple places and distributed environments. Well,
if you're able to tie those things together with multiple partners.
You also have to make sure that it's secure because
(07:36):
in the direction that we're going, where data is now
being consumed in many different places and it is the
fuel behind AI as we know. Then you say, ah, well,
who does that well and who does it in a
way that's getting rid of seams, the seams that could
be across multiple products, multiple product SATs even And that's
(07:56):
where Powell comes in.
Speaker 4 (07:58):
I think the canal wisdom in cybersecurity was always you
need all the new tools, right, you need it every threat.
It's like, whack them all. Every threat that pops up,
you get the tool that's purpose built for that specific thing. Well,
fast forward to you know, the RSA conference this year.
There were four thousand vendors on the floor. You look
at an average company, there's hundreds of cybersecurity tools. It
(08:20):
introduces a level of complexity that is really hard to manage.
You as a user, query and application right, that query
can go through a bunch of different pings from one
cloud to the next. It goes into and out of
as SaaS application. It may be running along a network,
you may be accessing it from your phone, which is
an unmanaged device. It's got to go in and out.
(08:42):
And if you say, okay, I've got to secure that phone,
I've got to secure the network, I've got it. Then
all of a sudden you've got sort of firewalls, software
and hardwel flows popping up everywhere. You've got cloud security,
and it's you've probably heard of this concept of zero trust,
which is every time you have to check and say
are you allowed in here? Are you allowed in here?
The number of places that can fall down it just
(09:03):
becomes overwhelming. So you end up with either alerts firing,
you know, every two seconds that you have to then
go investigate in most of which are false positives or
you miss something right. And so that was the conventionalism
was we've got to buy all these tools, and now
you've got overwhelmed CIOs and CSOs with hundreds of tools,
and Palo Alto strategy has been, look, we're going to
(09:25):
create a platform where everything can be stitched together, everything
can speak the same language, and we can sort of
manage throughout the architecture and watch, you know, this call
as as it's passing through all these different checkpoints, and
we can do it in a way that you still
have the confidence that it's best to breed right, so
you're not making any trade offs. But it's not so
(09:46):
simple just to get from the spaghetti to the seamless architecture.
You need, oftentimes to re engineer your business processes. You
have to re architect your digital environment. And so that's
where we partner with a company like IBM to bring
that expertise and say, we're going to help you not
just deploy the best cybersecurity architecture, but really get your
environment ready to have this zero customers as well as.
Speaker 3 (10:08):
All of those players that cross that spaghetti, because when
you start thinking about all the other partners that you
work with, if you're you think of an industry perspective,
you're going to have an ERP. It could be an Oracle,
it could be an SAP. You're not going to have
one cloud, as I mentioned, it's going to be possibly
multiple clouds. You'll have some AWS maybe Microsoft asure and
(10:28):
then even even some Google in there, and then your
own that you've built in your private over there, uh,
some an IBM cloud. You'll have those multiple clouds, and
then you also will have you know, fit for purpose, Oh,
I need a I need a salesforce in there for
my customer focusing I need. I'm doing some graphics, so
I have Adobe, so I just as I can name
(10:49):
name name, all of those then have to be re engineered. Seriously.
I mean, come on, Malcolm, you're gonna sit there you
think how long that would take. So if you haven't
done that before, you're going to have to go to
each one of those individually, or you can work with
a company that can tie those things together, because we
are also strategic partners with them. So that's where you
(11:12):
start to say, Okay, I see how this comes together.
You have to make sure that your ecosystem is going
to be stronger than your competitor's ecosystem, and you have
to be secure in what you're doing because as you
add more players or products, you create seams, and you
want to make sure there's fewer seams and that there's
(11:32):
zero trust across that capability you're building. And that's why
the compliment between the two companies.
Speaker 2 (11:38):
Well, take a step back from a moment before we
sort of launch, once get into the specifics of what
you guys are doing. I'm curious at this moment in
twenty twenty four, how nervous should we be about cybersecurity?
So compared it to five years ago or ten years ago.
(11:59):
Are we are less nervous than you were five years ago?
Were more nervous? Or all of changes going on right
now increasing vulnerability or decreasing it?
Speaker 3 (12:08):
I would say Christie, also, I think we share the
point of view is that it's not necessarily being more nervous.
I think you should be more prepared because the amounts
of threat is increasing based on our dependence upon data.
And that's that's where I think the attention should be placed.
(12:31):
Is that more and more, especially with the importance of AI,
that you say, okay, then what's under all that? And
it's the data, as I said, So knowing that you
should be more concerned.
Speaker 2 (12:45):
Does the advent of AI and its rapid evolution help
defense more or offense more?
Speaker 4 (12:52):
I think it's I think it's like any mega trend
that we've witnessed both. Right, So you think about AI.
It's great, right in terms of what it's going to
unlock for productivity, for humanity, but it also makes it
a whole lot easier to build ransomware. It's a whole
lot easier to test different ways into a system. Right.
(13:13):
But I think that's true if you think about like
the rise of the Internet, right, all of a sudden,
everyone was putting their data online and you had to
think of new ways to stay ahead and keep that secure.
And I don't think AI is any different. You've got
companies like Palta, partnerships like Powell and IBM that are
constantly scanning the landscape for not only the current threats,
(13:34):
but what's next, what's coming around the corner, what's after AI?
And so I think taking it seriously and being prepared
is probably the right way of looking at it, as
opposed to because if you think about it too hard,
you'll just want to crawl into a corner and stuff
everything under the mattress.
Speaker 2 (13:50):
I am the CEO of a regional hospital chain, big
distribute healthcare system, so a ton of data. The consequences
of being hacked and help for ransom are life and death.
Life and death. Right littally, when you come so, you
(14:10):
come down, you sit down with me, and you chat
with me. Walk me through the kinds of things you
would tell me about what I need to get safer.
For example, let's start with one. Is it likely that
I'm spending too little? Or am I spending money in
the wrong place.
Speaker 4 (14:25):
Great question. It depends how you've broken it out. If
you are distributing all of your dollars across a whole
bunch of different tools, it's likely you're just spending the
wrong money. And in fact, you know, putting it all
in one place is a way of potentially saving money
but keeping your security actually higher. And I'd love to
hear Jason, how you would approach it. How we would
(14:46):
approach it, of course, is by saying, you know, what,
what does your environment look like? You know, do you
have the connected medical devices into your EMR? Are your
respirators and ventilators all online? Right? And so we would
talk about, okay, here's how you get coverage and how
the coverage of both the firewalls as well as the
detectors all feedback into your security operation center and you
(15:09):
can manage it and do your learning with AI and
keep yourself securing.
Speaker 3 (15:14):
So yeah, and I would say Christy and I would
go to the same point because if you get under
what she was just asking, it is your data on
prem and when it's on prem, how active is it
across the enterprise? And so that begins the basis for
the start and then often you're going to say, well,
we actually take in data from outside, and then we
(15:36):
also have the circumstances. There's a lot of PII and
so that personal is the personal information, right, And so
now you're saying, okay, now, how are we securing that
and where are we securing it? And so you have
to start really thinking about the different areas within that
hospital chain. Are you sharing that amongst your hospitals? And
(16:00):
now you start to think of if I'm saying no
to a lot of that, it's like, well, then are
you as efficient as you want to be? So there
is that trade off of you know, am I so
tightly walled that I'm not productive? And so that's where
we would start to say, what's the outcome that you're
trying to get to? All Right, maybe you're good, Maybe
you're you're good with your five locations and you don't
(16:22):
need to go any further, but maybe you want to
expand to fifty and by the way, you're going to
go crossport or you're going to be in Toronto and
in New York. Okay, well then how do you do that?
And so I think that it's very easy to start
jumping into any of the typical situations. But the first
question that you have to ask you as the hospital CEOs,
(16:46):
what's your objective? What are you what are you trying
to do? Because too often what we see is that
there's some bright, new, shiny thing that everybody wants to
put in play. You know, it's a sandwich looking for
lunch and you go, but what is it that you
want to do as this? Are you doing research? Are
your research hospital? Are you more consumer oriented? So those
(17:07):
are the questions you start to ask because they start
to then tell a story in line with what Christy questions.
And I think that that's where the again, the complement
is that instead of just saying, oh, well, that's thanks
for telling me all this, Malcolm, here's your ten page strategy,
go find somebody. We have the benefit in IBM. And
(17:28):
it's probably why I'm still there is you know, we're
very unique. We're the only company on the planet that
has a consulting business at scale inside of a technology company,
and so we have, you know, the left brain, right brain.
We're able to do that and then we're able to say, okay,
now which partners are going to be most valuable for
(17:49):
our clients? What's going to work for you, isn't going
to work for the manufacturer down the road, isn't going
to work for the consumer or CpG company across the river.
Those things are bare very specific. The threats and the
scenes that I was talking about are very specific. So
that's where it becomes very valuable to make sure that
(18:09):
I'm not just giving you some strategy that's generic.
Speaker 2 (18:12):
But everything as a healthcare CEO, everything I have done,
almost everything I've done over the last ten years, has
it had the effect of increasing my vulnerability. I want
to digitize data within the hospital used to be on
pieces of paper. I want doctors to go home and
to be able to seamlessly hook into stuff at work
because they got to do all their paperwork. I want
(18:35):
to make sure the diabetes people are speaking to the
organ transplant people. And so isn't that everything I have
done to kind of keep up with the revolution in healthcare?
Isn't that also making me more and more vulnerable to
a bad actor.
Speaker 4 (18:49):
It's such a great question because think about the quality
of healthcare delivery. Right, So now doctors aren't filling out forms,
They're spending time with patients, and so the quality of
care is improving and the vulnerability is improving, and so
I think that's where having a strong cybersecurity strategy actually
enables all of that. One of our products is our
sas product, and we tested it with some business applications,
(19:10):
and oftentimes the wrap is, oh, security is going to
slow you down, right, like you have to add a firewall,
you have to checkpoints. Our product actually increases the velocity
of your ability to use that application because of the
way that it is queried through our system as opposed
to just through the regular network. So it doesn't slow
it down and in fact, it makes it run more efficiently.
(19:31):
That's just one minor example. But back to the healthcare question. I,
as a patient want my doctors accessing all the technology
and talking to each other and connecting the dots behind
the scenes. I also want my data to stay private,
and so having both a consulting partner who understands how
to ask questions of the environment and of the applications
(19:51):
you're using, and who understands the industry inside and out,
and a technology partner that builds and stays ahead of
all of the different threats come together advise you. I
think is super important. When you bring in a partner
like IBM, with a platform like pal Alta that covers
you know, all the different parts of your environment, you're
(20:12):
able to say, look, where where are the vulnerabilities in
the system, Where are the different endpoints that we need
to have covered, And then just make sure you get
that breadth of coverage and then you're better able to so, yes,
you've increased the risk, but then you've mitigated it.
Speaker 2 (20:27):
So to give so before I retire my healthcare analogy,
because I was thinking about just trying to understand the
importance of this idea of having a single platform. So
if this mudtle healthcare network is typical, I've acquired a
whole series of over the last ten years. I bought
a hospital over here, some I got some physicians things
(20:49):
that I snapped up over here. I bought a diagnostics company,
and so I have all of these legacy systems and
I had, like you said, maybe I got some stuff
in the cloud with one company, some stuff with the cloud.
And what you're saying is the first step is to
kind of rationalize that put it on a single platform,
so you understand where your points of weakness are as
(21:11):
opposed to being blind to your points of weakness.
Speaker 4 (21:14):
There's yes, although anyone who's done any kind of M
and A knows that that's a long journey, right. So
I think the first step is just understanding where everything is,
and then you get on a path and you say,
where's the biggest risk. Let's neutralize or mitigate that risk
one at a time. The thing about open end Secure,
(21:35):
you know, Palo Alto. We keep touting the benefits of
the platform. Everything on Palo Alto, your risk is going
to be mitigated and you're going to have the full visibility.
But you can't get there overnight. And so we've got
you know, thousands of integrations with other technology companies, including
our partners, to make sure that we can capture and
have visibility into those those endpoints in those systems as well.
(21:57):
And so I think step one is just figure out
where everything is, get the scan, so politize a couple
of products where you can kind of deploy and get
a view of your attack surface. I love the analogy.
Just like a digital environment is a house, right, and
so like you have your front door log of course,
because probably they're going to try the front door first,
but that's not all you're going to do, right, you're
going to make sure the whole you know, the windows
(22:17):
are locked and there's an alarm system and all of that.
And I think that's how you have to think about it,
is just how do we cover the whole service.
Speaker 2 (22:25):
So everyone lay. People like me have been bombarded over
it seems like over the last year with one thing
another about how quickly AI is moving forward and how
big of a deal it is suddenly is going to
be in the economy. What is the impact of that
dramatic change in AI's capabilities on this cybersecurity question? So
(22:48):
what does it mean if you're defending somebody that you
now have these sophisticated AI tools, you suppose.
Speaker 3 (22:55):
I think that AI becomes the force multiplier for cyber
To think about cyber Before it was just locking your doors,
locking the windows, and if you were really good, you
had an alarm system. You know. Now with AI, you
can said, well, I can predict what's going to happen.
(23:17):
I can see around the corner. I know, I can
leave my windows open upstairs and it's fine, and it's okay.
Speaker 2 (23:23):
I mean because why because the AI is running a
million simulations.
Speaker 3 (23:27):
It can And that's exactly it. It becomes the intelligent
part of that AI. It's not artificial, it's augmented. So
you now have this new capability to see around corners,
and so you're able to do the jobs of yesterday
more effectively. And the queries that you were doing, and
(23:48):
that's all you're really doing, now you're doing them, you know, faster,
you're able to access even more data and you're able
to then make it more secure. So that's why AI
becomes a force multiplier.
Speaker 2 (24:02):
Yeah, and just talk about the faster part. What does
faster mean in practical terms? If you're trying to defend
an enterprise against a cyber attack, what does speed matter
in that environment?
Speaker 3 (24:14):
You're always trying to find a place through I go
back to you. We brought up the army. You always
how do you break the line? How do you find
a penetration point? And when you think about you know,
pin testing, penetration testing, where are those? So if you're
able to do that faster than the bad guys, and
not only faster, but you're picking more probable points. This
(24:35):
is back to the intelligence. I could waste time doing
penetration testing someplace where That's why I mentioned leave if
they can't get in the second story windows. Why are
you spending time trying it so that becomes more effective?
So that's when I think of speed. That's what I
think of because with not just speed, I think it's
also what's effective.
Speaker 4 (24:55):
Just to put a put a fine point on it.
So I found a way in Okay, Now what I
don't know where the jewelry is, so I have to
look around and see if there's any hidden gems and
try to find my way. That used to take a week,
two weeks, sort of seven to fourteen days. Now it's hours, right,
So they're in and they can actually expeltrate data within
less than a day. The metric we use in the
(25:16):
security operation Center is meantime to detect, so to see
anyone's there, meantime to respond and remediate to get them
out right. That used to be also you know, seven eight, nine,
ten days. Now it needs to be less than an hour.
And with our AI based security operations platform, it is.
Now you've got one tool that whether it's all peloton
(25:38):
networks or whether it's just you know, hoofringing data from
other places, then you're able to see it all together.
So you actually get fewer alerts, so you get from
thousands of alerts down to one hundred alerts right, and
you can investigate them and you investigate them using AI too.
And AI is today, it's today's threat, but it's you know,
you think about threat and opportunity to think about what's next.
You always have to be kind of evolving.
Speaker 3 (25:59):
And you have to. I think we talk about threat
and risk. You know, we didn't tell you know, what
is the cost of cyber some type of penetration. It's
typical costs is about four and a half million dollars.
And that's just in labor and remediation. If you think
about reputational risk as well, our Institute for Business Value
(26:22):
to the study and found it in twenty twenty three
and they were thirty nine banks that we watched that
suffered a reputational risk market value of one hundred and
thirty billion dollars. And so you start to think, wow,
that's just reputational risk. So that's what's at stake here,
and it's only that is only going to get bigger.
Speaker 4 (26:45):
So one of the piece we haven't talked about about
AI that I find super interesting because we've been talking
essentially about like the terminator, the robots fighting robots, right,
like whose robots are quicker? Like I'm designing a tax
and I'm defending against tax and I think that's that's
super important. But we recently launch and our working at
IBM on our AI security product to actually secure the
(27:05):
use of ALI because it also opens up another set
of threat factors. I'll give you an example. I'm a
marketing executive now for your hospital. So I work for you,
and you want to announce the launch of a new center,
and so I upload all the information about all the
patients and our you know how we do things into
chat GPT to write the PR for me. Well, I've
(27:26):
also just uploaded to chat GPT a whole bunch of secrets, right.
So it's it's how employees are using AI, because I think,
you know, some companies are sort of building their own
language models and their own AI applications that they want
to keep secure. Others are just curious about how their
employees are using AI applications on the shelf, and so
we announced in May a product where you can actually
(27:47):
scan and see how AI is being used in your
enterprise and within We made the announcement with the GA
was last month, but we made the announcement in May,
and we had immediately thousands of CIOs signing up because
just understanding you know who's using what it's another open
question because you know, we talk about AI enhancing productivity
and all the benefits it's going to bring, but it
brings it brings risks, not just in how it's being
(28:09):
used by the thread actors, but also you know what
other vulnerabilities that.
Speaker 2 (28:13):
Exc It's the eye that you does that system tell
you what's a problematic use.
Speaker 4 (28:20):
It does, so what what it does, and you've got
to train it right. But what it does is say
this is this is outside of your policy. So CIOs
will set policies on here's what is acceptable and not
acceptable use. So we'll be able to scan and say
these these falling uses are outside of policy, and then
it'll punt and say I think this is too restrictive,
I think this is too permissive, and then you can
sort of update your policies from there. That's just sort
(28:41):
of the visibility piece, and then there's the run time piece,
which will actually stop you from using it. So you
go and say, okay, here's all my patient's social security numbers.
I'm going to upload them to chat GPT to you know,
get an understanding of like where they all live. I
don't know what why you would possibly do that, but
let's say you are and then you know, it'll note
that looks like a social security number. You can't upload
that into your prompt.
Speaker 2 (29:01):
So it will stop you before you Yeah, thoughtful voice
over your shoulder, just to remind you not to do
something silly exactly. But this is just talk a little
bit more about adding AI into this mix. You say
it's a force multiplier. It's a really interesting dig into that.
What other instances of what that means? How does the
(29:25):
balance between AI and human expertise work in the kind
of next generation of cybersecurity?
Speaker 3 (29:33):
I think the common way to look at as it
back to the force multipliers, It's not going to be
is your AI better? But can you use it better?
Can you ask your AI the right questions? Are you
well trained? So the competition really becomes your use of AI?
And are you pointed it in the right direction. You
(29:56):
have fifty people, can they do the work of two
hundred and fifty? And can they do it in a
safe and secure manner? So you're not opening up more
risk based on or too much risk is your risk
tolerance in order to get the outcome. So that's why
I think there's the opportunity. And so you see this
truly as a force multiplier because the first thing people go, oh,
(30:18):
you're going to get rid of people. Oh, the people
portion is still still going to be just as important
because they're doing that other piece of work.
Speaker 4 (30:26):
One of my favorite statistics is that there are now
more bank tellers in the US than there were in
nineteen sixty before the ATM was invented. Right, So, but
it used to be you would go to your bank
because you had to. I remember doing this. You go,
you fill out your deposit slip, you hand it to
the teller and they give you your cash. And then ATMs
are invented. It's like, oh no, what's going to happen?
All these jobs and now there's more, Right, but you're
(30:48):
not withdrawing money from a bank teller. You're now doing
more sophisticated transactions. And so I think it's similar with AI, right,
like you want people doing things that only people can do.
Speaker 2 (30:58):
The human element remains absolutely central in all of this.
How do you make sure that your cybersecurity folks are
equipped to handle high value tasks are ready for this
increasing responsibility.
Speaker 4 (31:13):
There's a couple of ways to answer this, but I
think the more you're able to automate the routine and
the mundane tasks. For example, the bulk of cybersecurity happens
in the security operations center. There's analysts who are sitting
in that center. If they're spending all day either configuring
alerts or responding to alerts, they're not able to do
(31:34):
the advanced sort of threat hunting and analysis work. And
so I think a big chunk of it is just
freeing up their time to be able to do the
more advanced strategic work. And a lot of the automation
tools based on AI, like our cortex XIM product, is
it's designed to free up their time in order to
be able to do that.
Speaker 3 (31:52):
And from our perspective, is making sure that it's a
requirement to make sure that you have the qualifications because
people can easily get used to doing what they've always done.
I know this, and that's that's what I do. You say, well, no,
all the threat actors are learning on the fly. They're
trying to always outsmart you. So it's in your best interest,
(32:14):
our best interest, our client's best and partners best, and
that you are on the front leaning edge of that
learning capability.
Speaker 2 (32:22):
If you're talking to a client he wants to develop
a kind of unified cybersecurity strategy, what's the best single
piece of advice you can give them?
Speaker 4 (32:33):
You should have a single platform. It's hard not to
answer that, but it is true. I mean all joking
aside having you know the best of breed solutions that
are all talking to each other and able to stitch
together and identify threats before human might be able to.
That's number one, and number two is making sure you
have visibility on all elements so you're able to cover
(32:55):
your whole environment and understand how people are accessing it.
Speaker 3 (32:58):
I'd say think like a actor. Yeah, always think outside
in because you get comfortable the other way around.
Speaker 2 (33:07):
You guys work together with a fortunate enviioutrial company, and
I'd love for you to talk a little bit about
use that as a kind of case study for what
this collaboration between the two your two companies looks like.
When you work with a cloud.
Speaker 4 (33:23):
It really was, you know, IBM leading on a digital
transformation for this client that wanted to move their applications
into the cloud, and so you're asking a lot of
questions about how does AI increase the risk and the
surface area. Those same questions ten years ago were asked
about the cloud. And we're still on the journey where
where companies are migrating to the cloud. We're not anywhere
near finished that yet. And so there's two pieces to
(33:44):
a cloud migration. One is just refactoring for the cloud
to make sure the application works effectively in the cloud.
And the second is security. And then you built in
security by design using POW does prison of cloud products
to make sure that not only did you have the
visibility so our cloud product you can scan and see
where the vulnerability. And then there's also you know, cloud
firewalls essentially that will keep bad actors out and keep
(34:07):
the cloud instant secure.
Speaker 2 (34:09):
If we sit down and have this conversation five years
from now, which I actually hope we do, be fun,
this pretend is twenty twenty nine. Tell me what are
you happy about in twenty twenty nine.
Speaker 3 (34:22):
I think twenty twenty nine quantum computing is mainstream. I
think quantum computing is now quantum safe, where we're using
quantum computing to make sure that those bad actors aren't
as bad as they used to be back in twenty
twenty four, and that we're seeing around the corners and
(34:46):
that we're empowering our Palo Alto relationship. That in twenty
twenty nine is the premiere type of capability that people
are looking at when they think of what used to
be AI. Now is quantum capability.
Speaker 4 (35:02):
Yeah, yeah, I think for AI, everyone's just using it
as part of their job. The way email was an
innovation in the nineties, the way you know cloud was
an innovation in the twenty tens, and we thought, how
are we going to use this? What impact is it
going to have on productivity? All these people who are
spending their days typing up memos, like what are they
going to do? We're going to be past that fear
(35:24):
and we're all going to understand that it is this
like truly positive force multiplier. For you know, every employee
is able to do their best work and spend their
time on the things that only they can do, and
then the AI is doing the rest of that for them.
Speaker 3 (35:39):
Right, AI is fun to enable many things to work together.
It won't be just one language model. We won't even
think about. It will be the difference between you know,
Malcolm having a fax machine, stereo and a telephone and
a memo board. Now it's in your pocket and it's
(35:59):
all one thing and you don't even call that, you know.
I said, walk them into my kids the other day
and they're like, what's a walk man? So I do
think it will. It'll be part of the past and
it's it will be the thought of the seamless connection.
That is secure seamless connection, of HR, of finance, of distribution, logistics,
(36:19):
of billing, all of those will have a capability to
work together.
Speaker 2 (36:24):
Yeah, I have to do some social quick fire questions
you guys ready.
Speaker 3 (36:29):
All right?
Speaker 2 (36:31):
What's the number one thing that people misunderstand about AI?
Speaker 3 (36:35):
The reliance on data? What do you mean by that?
I think that it's just assumed that it's happening and
it can just go out and grab data anywhere.
Speaker 2 (36:45):
Yeah, you have.
Speaker 3 (36:47):
To have good data, reliable data, and access to the data.
Speaker 4 (36:51):
I mean people are too afraid of it.
Speaker 2 (36:53):
Checkbox and image generators are the biggest things in consumer
AI right now. What do you think is that next
big business application?
Speaker 3 (37:00):
I think it's the tying together of multiple capabilities. I'm
hinted towards this earlier is I think tying together the
disparate systems that sit in different parts of the organization
front office, back office, making it one office and tying
together those different functions. That's it.
Speaker 4 (37:15):
I mean, it's workflow automation. I think back to your
point on the reliance on data seems easy. It's a
lot harder than you think, because you have to have
everything set up in exactly the right way to get
all of your systems automated and the sort of the
more boring jobs taken care of so that humans could
do the strategic ones.
Speaker 2 (37:32):
How are you already using AI in your day to
day life?
Speaker 4 (37:37):
I mean I use it at work all the time,
and then I've found right now I go to chat,
GPT instead of Google to look things up. I like
having a conversation.
Speaker 3 (37:48):
We have a wonderful capability in our consulting business called
our consulting assistant, and consulting advantage is the proper name
for it, but I look at it as that assistant.
It's a force multiplier for me. So if I need
to pull together content proposals with the teams, we go
straight to that.
Speaker 2 (38:08):
We are one more we hear, so many definitions of
open related to technology. How do you define it and
how does the concept help you innovate?
Speaker 4 (38:18):
By definition? In cybersecurity, you don't want to be too open, right,
So I think we enable openness with this concept of
zero trust and saying like everyone's invited in as long
as you have the right credentials, right. So that's that's
one way, and then the other way is just making
sure you're connected to all the different systems in order
to be able to have that visibility and see what's happening.
(38:38):
Because if you are blind, that's the minute you have
that vulnerability.
Speaker 3 (38:43):
Yeah, and I'd say it's moving quickly with security. It
sounds contradictory open. Oh then that means you're not safe. No,
you are safe and you can move faster.
Speaker 2 (38:55):
Yeah, thank you so much. It's fun.
Speaker 4 (38:57):
Thanks a lot, Thank you great. We'll see you in
five years.
Speaker 2 (38:59):
Yea years, five years, man, I'll be old in five years.
Thank you to Jason kellyot IBM and Christy Fredericks at
Palo Alto Networks for that fascinating conversation about the threats
and opportunities in cybersecurity today. As Jason and Christie stressed,
(39:20):
AI can be a force multiplier for enterprise across industries.
When you're working with multiple products and have your data
in distributed environments, you need technology that will work across
your organization, and with Palo Alto Networks platform, you can
enhance cyber resiliency and simplify your operations. Through their collaboration,
(39:44):
IBM and Palo Alto Networks are charting the future a
fully integrated open end to end security solutions. Smart Talks
with IBM is produced by Matt Romano, Joey fish Ground,
Amy Gaines McQuaid, and Jacob Goldstein. We're edited by Lydia
Jane Kott. Our engineers are Sarah Bruguerer and Ben Tolliday.
(40:07):
Theme song by Gramoscope. Special thanks to the eight Bar
and IBM teams, as well as the Pushkin Marketing team.
Smart Talks with IBM is a production of Pushkin Industries
and Ruby Studio at iHeartMedia. To find more Pushkin podcasts,
listen on the iHeartRadio app, Apple Podcasts, or wherever you
listen to podcasts. I'm Malcolm Glapham. This is a paid
(40:31):
advertisement from IBM. The conversations on this podcast don't necessarily
represent IBM's positions, strategies, or opinions,
Welcome to tech Stuff, a production from iHeartRadio. This season
on smart Talks with IBM, Malcolm Gladwell and team are
diving into the transformative world of artificial intelligence with a
fresh perspective on the concept of open What does open
(00:24):
really mean in the context of AI. It can mean
open source code or open data, but it also encompasses
fostering an ecosystem of ideas, ensuring diverse perspectives are heard,
and enabling new levels of transparency. Join hosts from your
favorite Pushkin podcasts as they explore how openness and AI
is reshaping industries, driving innovation, and redefining what's possible. You'll
(00:49):
hear from industry experts and leaders about the implications and
possibilities of open AI, and of course, Malcolm Gladwell will
be there to guide you through the season with his
unique insights. Look out for new episodes of Smart Talks
every other week on the iHeartRadio app, Apple Podcasts, or
wherever you get your podcasts, and learn more at IBM
dot com slash smart Talks.
Speaker 2 (01:14):
Hello, Hello, Welcome to Smart Talks with IBM, a podcast
from Pushkin Industries, iHeartRadio and IBM. I'm Malcolm Glappwell. This season,
we're diving back into the world of artificial intelligence, but
with a focus on the powerful concept of open its possibilities, implications,
and misconceptions. We'll look at openness from a variety of
(01:37):
angles and explore how the concept is already reshaping industries,
ways of doing business and our very notion of what's possible.
On today's episode, I'm joined by Jason Kelly, the global
Managing Partner for IBM Strategic Partners and Ecosystems, and by
Christy Fredericks, the Senior Vice president and Chief Partnership Officer
(01:59):
at Polowa Networks. We discussed how their partnership in the
cybersecurity space helps strengthen enterprises by focusing on seamless cybersecurity
solutions tailored to meet the evolving threat landscape. By leveraging
AI and automation, this collaboration aims to modernize security programs,
(02:20):
improve response times, and produce risks. Jason and Christy both
bring a tremendous amount of experience and expertise to the subject.
I think you're really going to enjoy this one, Jason, Christy,
(02:45):
Welcome to Smart Talks with IBM. Thank you for joining me.
Speaker 3 (02:48):
Thank you.
Speaker 4 (02:49):
It's great to be here.
Speaker 2 (02:50):
We are here to discuss cybersecurity and the partnership between
IBM and Palo Alto Networks. But before we get there,
I wanted you guys to tell me a little bit
out yourself. Jason, let's start with you. I see on
your resume west Point, which makes we think there's some
interesting things going on there. How did you get to
(03:11):
west Point?
Speaker 3 (03:12):
West Point? West Point was the decision. First, it was
it was affordable back in the day. But I had
a sense of service. My father was a World War
Two vet, so I grew up on the weekends watching
World War two video. You know, he's army as well. Yeah,
and so I thought, oh, that'd be exciting, and I
thought I do some type of service. Went there and
(03:35):
now I have the biggest family, extended family I could
ever have. So it was very exciting. Played football lucked out,
meaning I wasn't recruited. I walked on and that kept
me there because it gave me something and outlet with
all the other pressures. Defensive back I was. I was
great at knocking the ball down, not the best at
(03:55):
catching it.
Speaker 2 (03:55):
Yeah, and then you were a ranger I was.
Speaker 3 (04:00):
I was privileged to be a US Army airborne ranger station,
but did most of my time in northern Italy. We're
part of the eighty second Airbarnship Post. Oh yeah, that's
what people say, seriously, like, you know, you were you
were northern, you were drinking wine and having bred, you know.
But it was a part of a NATO force there
at the time. Yeah, so exciting.
Speaker 2 (04:22):
How did you get from there to IBM?
Speaker 3 (04:26):
A long path. As I came out of the military,
I started manufacturing retail housing and did a quick stint,
took a leave of absence from industry, and did a
stint of yet again public service in the state of
Tennessee with economic development and got a whiff of how
(04:48):
fun it could be to do things around data and media.
Started a small media firm what we would now call
a digital firm, sold it and said I wanted to
go do it again somewhere, but I want to go
to a big company. And the family at IBM brought
me in and yet to let me go.
Speaker 2 (05:07):
That was how many years ago?
Speaker 3 (05:10):
Two decades? Oh wow, So I know I look amazingly young, but.
Speaker 2 (05:14):
Yes, because you must have.
Speaker 3 (05:17):
And IBM was my fifth career and and and I've
I've enjoyed it since and that's what I what I
do there, build teams, grow new parts of the company,
and get to work with some of the most brilliant
people on the face of the planet, as well as
partners like like Christy that just keep it exciting.
Speaker 2 (05:33):
Christy, you're I was delighted to learn that you are Canadian?
Yes here, yeah? But you so you were a consultant
for a long time a Bane Yes.
Speaker 4 (05:44):
Yeah. I joined Baine Consulting intending to spend a couple
of years there learn the ropes and then go get
my first real job. But the value personally to my
growth and development, and then that we were able to
bring our clients. I ended up there for sixteen years
and then post Bane went onto another my first product company,
a new relic, and then it's come full circle at
(06:05):
Polota Networks. But at Bain it was all about bringing
expertise across different industries to help our clients improve whatever
they needed to improve and bringing that expertise to bear.
And then you have the product lens and you think, Okay,
we're going to build the absolute best product to help
our customers do what they need to get done, and
then I joined pal Alto about six seven months ago
(06:26):
in a partnerships role and I'm delighted to be able
to work with amazing consulting companies like IBM where we
bring both to bear.
Speaker 2 (06:33):
How long have IBM and Palo Alto Network's been partners?
Speaker 3 (06:37):
So we've been We've been working together for quite quite
a long time, but we made it official, meaning we
got married as strategic partners last year.
Speaker 2 (06:46):
Oh I see. So what is it that each of
you bring to the table? What's each side special?
Speaker 3 (06:51):
So it's great that you asked that because about a
decade ago, are now CEO Arvin Christ says, you know,
it wouldn't be great if we has had this one
focus with what does IBM do and you have this
whole list, and he says, let's make it simple. We
are a multi cloud, hybrid cloud AI company. And so
when you say that, it sounds very simple. But then people,
(07:14):
what the hell is that? What your hybrid cloud? Well,
both of those two things have a lot of data involved,
and a lot of those mean that that data is
going to sit in multiple places and distributed environments. Well,
if you're able to tie those things together with multiple partners.
You also have to make sure that it's secure because
(07:36):
in the direction that we're going, where data is now
being consumed in many different places and it is the
fuel behind AI as we know. Then you say, ah, well,
who does that well and who does it in a
way that's getting rid of seams, the seams that could
be across multiple products, multiple product SATs even And that's
(07:56):
where Powell comes in.
Speaker 4 (07:58):
I think the canal wisdom in cybersecurity was always you
need all the new tools, right, you need it every threat.
It's like, whack them all. Every threat that pops up,
you get the tool that's purpose built for that specific thing. Well,
fast forward to you know, the RSA conference this year.
There were four thousand vendors on the floor. You look
at an average company, there's hundreds of cybersecurity tools. It
(08:20):
introduces a level of complexity that is really hard to manage.
You as a user, query and application right, that query
can go through a bunch of different pings from one
cloud to the next. It goes into and out of
as SaaS application. It may be running along a network,
you may be accessing it from your phone, which is
an unmanaged device. It's got to go in and out.
(08:42):
And if you say, okay, I've got to secure that phone,
I've got to secure the network, I've got it. Then
all of a sudden you've got sort of firewalls, software
and hardwel flows popping up everywhere. You've got cloud security,
and it's you've probably heard of this concept of zero trust,
which is every time you have to check and say
are you allowed in here? Are you allowed in here?
The number of places that can fall down it just
(09:03):
becomes overwhelming. So you end up with either alerts firing,
you know, every two seconds that you have to then
go investigate in most of which are false positives or
you miss something right. And so that was the conventionalism
was we've got to buy all these tools, and now
you've got overwhelmed CIOs and CSOs with hundreds of tools,
and Palo Alto strategy has been, look, we're going to
(09:25):
create a platform where everything can be stitched together, everything
can speak the same language, and we can sort of
manage throughout the architecture and watch, you know, this call
as as it's passing through all these different checkpoints, and
we can do it in a way that you still
have the confidence that it's best to breed right, so
you're not making any trade offs. But it's not so
(09:46):
simple just to get from the spaghetti to the seamless architecture.
You need, oftentimes to re engineer your business processes. You
have to re architect your digital environment. And so that's
where we partner with a company like IBM to bring
that expertise and say, we're going to help you not
just deploy the best cybersecurity architecture, but really get your
environment ready to have this zero customers as well as.
Speaker 3 (10:08):
All of those players that cross that spaghetti, because when
you start thinking about all the other partners that you
work with, if you're you think of an industry perspective,
you're going to have an ERP. It could be an Oracle,
it could be an SAP. You're not going to have
one cloud, as I mentioned, it's going to be possibly
multiple clouds. You'll have some AWS maybe Microsoft asure and
(10:28):
then even even some Google in there, and then your
own that you've built in your private over there, uh,
some an IBM cloud. You'll have those multiple clouds, and
then you also will have you know, fit for purpose, Oh,
I need a I need a salesforce in there for
my customer focusing I need. I'm doing some graphics, so
I have Adobe, so I just as I can name
(10:49):
name name, all of those then have to be re engineered. Seriously.
I mean, come on, Malcolm, you're gonna sit there you
think how long that would take. So if you haven't
done that before, you're going to have to go to
each one of those individually, or you can work with
a company that can tie those things together, because we
are also strategic partners with them. So that's where you
(11:12):
start to say, Okay, I see how this comes together.
You have to make sure that your ecosystem is going
to be stronger than your competitor's ecosystem, and you have
to be secure in what you're doing because as you
add more players or products, you create seams, and you
want to make sure there's fewer seams and that there's
(11:32):
zero trust across that capability you're building. And that's why
the compliment between the two companies.
Speaker 2 (11:38):
Well, take a step back from a moment before we
sort of launch, once get into the specifics of what
you guys are doing. I'm curious at this moment in
twenty twenty four, how nervous should we be about cybersecurity?
So compared it to five years ago or ten years ago.
(11:59):
Are we are less nervous than you were five years ago?
Were more nervous? Or all of changes going on right
now increasing vulnerability or decreasing it?
Speaker 3 (12:08):
I would say Christie, also, I think we share the
point of view is that it's not necessarily being more nervous.
I think you should be more prepared because the amounts
of threat is increasing based on our dependence upon data.
And that's that's where I think the attention should be placed.
(12:31):
Is that more and more, especially with the importance of AI,
that you say, okay, then what's under all that? And
it's the data, as I said, So knowing that you
should be more concerned.
Speaker 2 (12:45):
Does the advent of AI and its rapid evolution help
defense more or offense more?
Speaker 4 (12:52):
I think it's I think it's like any mega trend
that we've witnessed both. Right, So you think about AI.
It's great, right in terms of what it's going to
unlock for productivity, for humanity, but it also makes it
a whole lot easier to build ransomware. It's a whole
lot easier to test different ways into a system. Right.
(13:13):
But I think that's true if you think about like
the rise of the Internet, right, all of a sudden,
everyone was putting their data online and you had to
think of new ways to stay ahead and keep that secure.
And I don't think AI is any different. You've got
companies like Palta, partnerships like Powell and IBM that are
constantly scanning the landscape for not only the current threats,
(13:34):
but what's next, what's coming around the corner, what's after AI?
And so I think taking it seriously and being prepared
is probably the right way of looking at it, as
opposed to because if you think about it too hard,
you'll just want to crawl into a corner and stuff
everything under the mattress.
Speaker 2 (13:50):
I am the CEO of a regional hospital chain, big
distribute healthcare system, so a ton of data. The consequences
of being hacked and help for ransom are life and death.
Life and death. Right littally, when you come so, you
(14:10):
come down, you sit down with me, and you chat
with me. Walk me through the kinds of things you
would tell me about what I need to get safer.
For example, let's start with one. Is it likely that
I'm spending too little? Or am I spending money in
the wrong place.
Speaker 4 (14:25):
Great question. It depends how you've broken it out. If
you are distributing all of your dollars across a whole
bunch of different tools, it's likely you're just spending the
wrong money. And in fact, you know, putting it all
in one place is a way of potentially saving money
but keeping your security actually higher. And I'd love to
hear Jason, how you would approach it. How we would
(14:46):
approach it, of course, is by saying, you know, what,
what does your environment look like? You know, do you
have the connected medical devices into your EMR? Are your
respirators and ventilators all online? Right? And so we would
talk about, okay, here's how you get coverage and how
the coverage of both the firewalls as well as the
detectors all feedback into your security operation center and you
(15:09):
can manage it and do your learning with AI and
keep yourself securing.
Speaker 3 (15:14):
So yeah, and I would say Christy and I would
go to the same point because if you get under
what she was just asking, it is your data on
prem and when it's on prem, how active is it
across the enterprise? And so that begins the basis for
the start and then often you're going to say, well,
we actually take in data from outside, and then we
(15:36):
also have the circumstances. There's a lot of PII and
so that personal is the personal information, right, And so
now you're saying, okay, now, how are we securing that
and where are we securing it? And so you have
to start really thinking about the different areas within that
hospital chain. Are you sharing that amongst your hospitals? And
(16:00):
now you start to think of if I'm saying no
to a lot of that, it's like, well, then are
you as efficient as you want to be? So there
is that trade off of you know, am I so
tightly walled that I'm not productive? And so that's where
we would start to say, what's the outcome that you're
trying to get to? All Right, maybe you're good, Maybe
you're you're good with your five locations and you don't
(16:22):
need to go any further, but maybe you want to
expand to fifty and by the way, you're going to
go crossport or you're going to be in Toronto and
in New York. Okay, well then how do you do that?
And so I think that it's very easy to start
jumping into any of the typical situations. But the first
question that you have to ask you as the hospital CEOs,
(16:46):
what's your objective? What are you what are you trying
to do? Because too often what we see is that
there's some bright, new, shiny thing that everybody wants to
put in play. You know, it's a sandwich looking for
lunch and you go, but what is it that you
want to do as this? Are you doing research? Are
your research hospital? Are you more consumer oriented? So those
(17:07):
are the questions you start to ask because they start
to then tell a story in line with what Christy questions.
And I think that that's where the again, the complement
is that instead of just saying, oh, well, that's thanks
for telling me all this, Malcolm, here's your ten page strategy,
go find somebody. We have the benefit in IBM. And
(17:28):
it's probably why I'm still there is you know, we're
very unique. We're the only company on the planet that
has a consulting business at scale inside of a technology company,
and so we have, you know, the left brain, right brain.
We're able to do that and then we're able to say, okay,
now which partners are going to be most valuable for
(17:49):
our clients? What's going to work for you, isn't going
to work for the manufacturer down the road, isn't going
to work for the consumer or CpG company across the river.
Those things are bare very specific. The threats and the
scenes that I was talking about are very specific. So
that's where it becomes very valuable to make sure that
(18:09):
I'm not just giving you some strategy that's generic.
Speaker 2 (18:12):
But everything as a healthcare CEO, everything I have done,
almost everything I've done over the last ten years, has
it had the effect of increasing my vulnerability. I want
to digitize data within the hospital used to be on
pieces of paper. I want doctors to go home and
to be able to seamlessly hook into stuff at work
because they got to do all their paperwork. I want
(18:35):
to make sure the diabetes people are speaking to the
organ transplant people. And so isn't that everything I have
done to kind of keep up with the revolution in healthcare?
Isn't that also making me more and more vulnerable to
a bad actor.
Speaker 4 (18:49):
It's such a great question because think about the quality
of healthcare delivery. Right, So now doctors aren't filling out forms,
They're spending time with patients, and so the quality of
care is improving and the vulnerability is improving, and so
I think that's where having a strong cybersecurity strategy actually
enables all of that. One of our products is our
sas product, and we tested it with some business applications,
(19:10):
and oftentimes the wrap is, oh, security is going to
slow you down, right, like you have to add a firewall,
you have to checkpoints. Our product actually increases the velocity
of your ability to use that application because of the
way that it is queried through our system as opposed
to just through the regular network. So it doesn't slow
it down and in fact, it makes it run more efficiently.
(19:31):
That's just one minor example. But back to the healthcare question. I,
as a patient want my doctors accessing all the technology
and talking to each other and connecting the dots behind
the scenes. I also want my data to stay private,
and so having both a consulting partner who understands how
to ask questions of the environment and of the applications
(19:51):
you're using, and who understands the industry inside and out,
and a technology partner that builds and stays ahead of
all of the different threats come together advise you. I
think is super important. When you bring in a partner
like IBM, with a platform like pal Alta that covers
you know, all the different parts of your environment, you're
(20:12):
able to say, look, where where are the vulnerabilities in
the system, Where are the different endpoints that we need
to have covered, And then just make sure you get
that breadth of coverage and then you're better able to so, yes,
you've increased the risk, but then you've mitigated it.
Speaker 2 (20:27):
So to give so before I retire my healthcare analogy,
because I was thinking about just trying to understand the
importance of this idea of having a single platform. So
if this mudtle healthcare network is typical, I've acquired a
whole series of over the last ten years. I bought
a hospital over here, some I got some physicians things
(20:49):
that I snapped up over here. I bought a diagnostics company,
and so I have all of these legacy systems and
I had, like you said, maybe I got some stuff
in the cloud with one company, some stuff with the cloud.
And what you're saying is the first step is to
kind of rationalize that put it on a single platform,
so you understand where your points of weakness are as
(21:11):
opposed to being blind to your points of weakness.
Speaker 4 (21:14):
There's yes, although anyone who's done any kind of M
and A knows that that's a long journey, right. So
I think the first step is just understanding where everything is,
and then you get on a path and you say,
where's the biggest risk. Let's neutralize or mitigate that risk
one at a time. The thing about open end Secure,
(21:35):
you know, Palo Alto. We keep touting the benefits of
the platform. Everything on Palo Alto, your risk is going
to be mitigated and you're going to have the full visibility.
But you can't get there overnight. And so we've got
you know, thousands of integrations with other technology companies, including
our partners, to make sure that we can capture and
have visibility into those those endpoints in those systems as well.
(21:57):
And so I think step one is just figure out
where everything is, get the scan, so politize a couple
of products where you can kind of deploy and get
a view of your attack surface. I love the analogy.
Just like a digital environment is a house, right, and
so like you have your front door log of course,
because probably they're going to try the front door first,
but that's not all you're going to do, right, you're
going to make sure the whole you know, the windows
(22:17):
are locked and there's an alarm system and all of that.
And I think that's how you have to think about it,
is just how do we cover the whole service.
Speaker 2 (22:25):
So everyone lay. People like me have been bombarded over
it seems like over the last year with one thing
another about how quickly AI is moving forward and how
big of a deal it is suddenly is going to
be in the economy. What is the impact of that
dramatic change in AI's capabilities on this cybersecurity question? So
(22:48):
what does it mean if you're defending somebody that you
now have these sophisticated AI tools, you suppose.
Speaker 3 (22:55):
I think that AI becomes the force multiplier for cyber
To think about cyber Before it was just locking your doors,
locking the windows, and if you were really good, you
had an alarm system. You know. Now with AI, you
can said, well, I can predict what's going to happen.
(23:17):
I can see around the corner. I know, I can
leave my windows open upstairs and it's fine, and it's okay.
Speaker 2 (23:23):
I mean because why because the AI is running a
million simulations.
Speaker 3 (23:27):
It can And that's exactly it. It becomes the intelligent
part of that AI. It's not artificial, it's augmented. So
you now have this new capability to see around corners,
and so you're able to do the jobs of yesterday
more effectively. And the queries that you were doing, and
(23:48):
that's all you're really doing, now you're doing them, you know, faster,
you're able to access even more data and you're able
to then make it more secure. So that's why AI
becomes a force multiplier.
Speaker 2 (24:02):
Yeah, and just talk about the faster part. What does
faster mean in practical terms? If you're trying to defend
an enterprise against a cyber attack, what does speed matter
in that environment?
Speaker 3 (24:14):
You're always trying to find a place through I go
back to you. We brought up the army. You always
how do you break the line? How do you find
a penetration point? And when you think about you know,
pin testing, penetration testing, where are those? So if you're
able to do that faster than the bad guys, and
not only faster, but you're picking more probable points. This
(24:35):
is back to the intelligence. I could waste time doing
penetration testing someplace where That's why I mentioned leave if
they can't get in the second story windows. Why are
you spending time trying it so that becomes more effective?
So that's when I think of speed. That's what I
think of because with not just speed, I think it's
also what's effective.
Speaker 4 (24:55):
Just to put a put a fine point on it.
So I found a way in Okay, Now what I
don't know where the jewelry is, so I have to
look around and see if there's any hidden gems and
try to find my way. That used to take a week,
two weeks, sort of seven to fourteen days. Now it's hours, right,
So they're in and they can actually expeltrate data within
less than a day. The metric we use in the
(25:16):
security operation Center is meantime to detect, so to see
anyone's there, meantime to respond and remediate to get them
out right. That used to be also you know, seven eight, nine,
ten days. Now it needs to be less than an hour.
And with our AI based security operations platform, it is.
Now you've got one tool that whether it's all peloton
(25:38):
networks or whether it's just you know, hoofringing data from
other places, then you're able to see it all together.
So you actually get fewer alerts, so you get from
thousands of alerts down to one hundred alerts right, and
you can investigate them and you investigate them using AI too.
And AI is today, it's today's threat, but it's you know,
you think about threat and opportunity to think about what's next.
You always have to be kind of evolving.
Speaker 3 (25:59):
And you have to. I think we talk about threat
and risk. You know, we didn't tell you know, what
is the cost of cyber some type of penetration. It's
typical costs is about four and a half million dollars.
And that's just in labor and remediation. If you think
about reputational risk as well, our Institute for Business Value
(26:22):
to the study and found it in twenty twenty three
and they were thirty nine banks that we watched that
suffered a reputational risk market value of one hundred and
thirty billion dollars. And so you start to think, wow,
that's just reputational risk. So that's what's at stake here,
and it's only that is only going to get bigger.
Speaker 4 (26:45):
So one of the piece we haven't talked about about
AI that I find super interesting because we've been talking
essentially about like the terminator, the robots fighting robots, right,
like whose robots are quicker? Like I'm designing a tax
and I'm defending against tax and I think that's that's
super important. But we recently launch and our working at
IBM on our AI security product to actually secure the
(27:05):
use of ALI because it also opens up another set
of threat factors. I'll give you an example. I'm a
marketing executive now for your hospital. So I work for you,
and you want to announce the launch of a new center,
and so I upload all the information about all the
patients and our you know how we do things into
chat GPT to write the PR for me. Well, I've
(27:26):
also just uploaded to chat GPT a whole bunch of secrets, right.
So it's it's how employees are using AI, because I think,
you know, some companies are sort of building their own
language models and their own AI applications that they want
to keep secure. Others are just curious about how their
employees are using AI applications on the shelf, and so
we announced in May a product where you can actually
(27:47):
scan and see how AI is being used in your
enterprise and within We made the announcement with the GA
was last month, but we made the announcement in May,
and we had immediately thousands of CIOs signing up because
just understanding you know who's using what it's another open
question because you know, we talk about AI enhancing productivity
and all the benefits it's going to bring, but it
brings it brings risks, not just in how it's being
(28:09):
used by the thread actors, but also you know what
other vulnerabilities that.
Speaker 2 (28:13):
Exc It's the eye that you does that system tell
you what's a problematic use.
Speaker 4 (28:20):
It does, so what what it does, and you've got
to train it right. But what it does is say
this is this is outside of your policy. So CIOs
will set policies on here's what is acceptable and not
acceptable use. So we'll be able to scan and say
these these falling uses are outside of policy, and then
it'll punt and say I think this is too restrictive,
I think this is too permissive, and then you can
sort of update your policies from there. That's just sort
(28:41):
of the visibility piece, and then there's the run time piece,
which will actually stop you from using it. So you
go and say, okay, here's all my patient's social security numbers.
I'm going to upload them to chat GPT to you know,
get an understanding of like where they all live. I
don't know what why you would possibly do that, but
let's say you are and then you know, it'll note
that looks like a social security number. You can't upload
that into your prompt.
Speaker 2 (29:01):
So it will stop you before you Yeah, thoughtful voice
over your shoulder, just to remind you not to do
something silly exactly. But this is just talk a little
bit more about adding AI into this mix. You say
it's a force multiplier. It's a really interesting dig into that.
What other instances of what that means? How does the
(29:25):
balance between AI and human expertise work in the kind
of next generation of cybersecurity?
Speaker 3 (29:33):
I think the common way to look at as it
back to the force multipliers, It's not going to be
is your AI better? But can you use it better?
Can you ask your AI the right questions? Are you
well trained? So the competition really becomes your use of AI?
And are you pointed it in the right direction. You
(29:56):
have fifty people, can they do the work of two
hundred and fifty? And can they do it in a
safe and secure manner? So you're not opening up more
risk based on or too much risk is your risk
tolerance in order to get the outcome. So that's why
I think there's the opportunity. And so you see this
truly as a force multiplier because the first thing people go, oh,
(30:18):
you're going to get rid of people. Oh, the people
portion is still still going to be just as important
because they're doing that other piece of work.
Speaker 4 (30:26):
One of my favorite statistics is that there are now
more bank tellers in the US than there were in
nineteen sixty before the ATM was invented. Right, So, but
it used to be you would go to your bank
because you had to. I remember doing this. You go,
you fill out your deposit slip, you hand it to
the teller and they give you your cash. And then ATMs
are invented. It's like, oh no, what's going to happen?
All these jobs and now there's more, Right, but you're
(30:48):
not withdrawing money from a bank teller. You're now doing
more sophisticated transactions. And so I think it's similar with AI, right,
like you want people doing things that only people can do.
Speaker 2 (30:58):
The human element remains absolutely central in all of this.
How do you make sure that your cybersecurity folks are
equipped to handle high value tasks are ready for this
increasing responsibility.
Speaker 4 (31:13):
There's a couple of ways to answer this, but I
think the more you're able to automate the routine and
the mundane tasks. For example, the bulk of cybersecurity happens
in the security operations center. There's analysts who are sitting
in that center. If they're spending all day either configuring
alerts or responding to alerts, they're not able to do
(31:34):
the advanced sort of threat hunting and analysis work. And
so I think a big chunk of it is just
freeing up their time to be able to do the
more advanced strategic work. And a lot of the automation
tools based on AI, like our cortex XIM product, is
it's designed to free up their time in order to
be able to do that.
Speaker 3 (31:52):
And from our perspective, is making sure that it's a
requirement to make sure that you have the qualifications because
people can easily get used to doing what they've always done.
I know this, and that's that's what I do. You say, well, no,
all the threat actors are learning on the fly. They're
trying to always outsmart you. So it's in your best interest,
(32:14):
our best interest, our client's best and partners best, and
that you are on the front leaning edge of that
learning capability.
Speaker 2 (32:22):
If you're talking to a client he wants to develop
a kind of unified cybersecurity strategy, what's the best single
piece of advice you can give them?
Speaker 4 (32:33):
You should have a single platform. It's hard not to
answer that, but it is true. I mean all joking
aside having you know the best of breed solutions that
are all talking to each other and able to stitch
together and identify threats before human might be able to.
That's number one, and number two is making sure you
have visibility on all elements so you're able to cover
(32:55):
your whole environment and understand how people are accessing it.
Speaker 3 (32:58):
I'd say think like a actor. Yeah, always think outside
in because you get comfortable the other way around.
Speaker 2 (33:07):
You guys work together with a fortunate enviioutrial company, and
I'd love for you to talk a little bit about
use that as a kind of case study for what
this collaboration between the two your two companies looks like.
When you work with a cloud.
Speaker 4 (33:23):
It really was, you know, IBM leading on a digital
transformation for this client that wanted to move their applications
into the cloud, and so you're asking a lot of
questions about how does AI increase the risk and the
surface area. Those same questions ten years ago were asked
about the cloud. And we're still on the journey where
where companies are migrating to the cloud. We're not anywhere
near finished that yet. And so there's two pieces to
(33:44):
a cloud migration. One is just refactoring for the cloud
to make sure the application works effectively in the cloud.
And the second is security. And then you built in
security by design using POW does prison of cloud products
to make sure that not only did you have the
visibility so our cloud product you can scan and see
where the vulnerability. And then there's also you know, cloud
firewalls essentially that will keep bad actors out and keep
(34:07):
the cloud instant secure.
Speaker 2 (34:09):
If we sit down and have this conversation five years
from now, which I actually hope we do, be fun,
this pretend is twenty twenty nine. Tell me what are
you happy about in twenty twenty nine.
Speaker 3 (34:22):
I think twenty twenty nine quantum computing is mainstream. I
think quantum computing is now quantum safe, where we're using
quantum computing to make sure that those bad actors aren't
as bad as they used to be back in twenty
twenty four, and that we're seeing around the corners and
(34:46):
that we're empowering our Palo Alto relationship. That in twenty
twenty nine is the premiere type of capability that people
are looking at when they think of what used to
be AI. Now is quantum capability.
Speaker 4 (35:02):
Yeah, yeah, I think for AI, everyone's just using it
as part of their job. The way email was an
innovation in the nineties, the way you know cloud was
an innovation in the twenty tens, and we thought, how
are we going to use this? What impact is it
going to have on productivity? All these people who are
spending their days typing up memos, like what are they
going to do? We're going to be past that fear
(35:24):
and we're all going to understand that it is this
like truly positive force multiplier. For you know, every employee
is able to do their best work and spend their
time on the things that only they can do, and
then the AI is doing the rest of that for them.
Speaker 3 (35:39):
Right, AI is fun to enable many things to work together.
It won't be just one language model. We won't even
think about. It will be the difference between you know,
Malcolm having a fax machine, stereo and a telephone and
a memo board. Now it's in your pocket and it's
(35:59):
all one thing and you don't even call that, you know.
I said, walk them into my kids the other day
and they're like, what's a walk man? So I do
think it will. It'll be part of the past and
it's it will be the thought of the seamless connection.
That is secure seamless connection, of HR, of finance, of distribution, logistics,
(36:19):
of billing, all of those will have a capability to
work together.
Speaker 2 (36:24):
Yeah, I have to do some social quick fire questions
you guys ready.
Speaker 3 (36:29):
All right?
Speaker 2 (36:31):
What's the number one thing that people misunderstand about AI?
Speaker 3 (36:35):
The reliance on data? What do you mean by that?
I think that it's just assumed that it's happening and
it can just go out and grab data anywhere.
Speaker 2 (36:45):
Yeah, you have.
Speaker 3 (36:47):
To have good data, reliable data, and access to the data.
Speaker 4 (36:51):
I mean people are too afraid of it.
Speaker 2 (36:53):
Checkbox and image generators are the biggest things in consumer
AI right now. What do you think is that next
big business application?
Speaker 3 (37:00):
I think it's the tying together of multiple capabilities. I'm
hinted towards this earlier is I think tying together the
disparate systems that sit in different parts of the organization
front office, back office, making it one office and tying
together those different functions. That's it.
Speaker 4 (37:15):
I mean, it's workflow automation. I think back to your
point on the reliance on data seems easy. It's a
lot harder than you think, because you have to have
everything set up in exactly the right way to get
all of your systems automated and the sort of the
more boring jobs taken care of so that humans could
do the strategic ones.
Speaker 2 (37:32):
How are you already using AI in your day to
day life?
Speaker 4 (37:37):
I mean I use it at work all the time,
and then I've found right now I go to chat,
GPT instead of Google to look things up. I like
having a conversation.
Speaker 3 (37:48):
We have a wonderful capability in our consulting business called
our consulting assistant, and consulting advantage is the proper name
for it, but I look at it as that assistant.
It's a force multiplier for me. So if I need
to pull together content proposals with the teams, we go
straight to that.
Speaker 2 (38:08):
We are one more we hear, so many definitions of
open related to technology. How do you define it and
how does the concept help you innovate?
Speaker 4 (38:18):
By definition? In cybersecurity, you don't want to be too open, right,
So I think we enable openness with this concept of
zero trust and saying like everyone's invited in as long
as you have the right credentials, right. So that's that's
one way, and then the other way is just making
sure you're connected to all the different systems in order
to be able to have that visibility and see what's happening.
(38:38):
Because if you are blind, that's the minute you have
that vulnerability.
Speaker 3 (38:43):
Yeah, and I'd say it's moving quickly with security. It
sounds contradictory open. Oh then that means you're not safe. No,
you are safe and you can move faster.
Speaker 2 (38:55):
Yeah, thank you so much. It's fun.
Speaker 4 (38:57):
Thanks a lot, Thank you great. We'll see you in
five years.
Speaker 2 (38:59):
Yea years, five years, man, I'll be old in five years.
Thank you to Jason kellyot IBM and Christy Fredericks at
Palo Alto Networks for that fascinating conversation about the threats
and opportunities in cybersecurity today. As Jason and Christie stressed,
(39:20):
AI can be a force multiplier for enterprise across industries.
When you're working with multiple products and have your data
in distributed environments, you need technology that will work across
your organization, and with Palo Alto Networks platform, you can
enhance cyber resiliency and simplify your operations. Through their collaboration,
(39:44):
IBM and Palo Alto Networks are charting the future a
fully integrated open end to end security solutions. Smart Talks
with IBM is produced by Matt Romano, Joey fish Ground,
Amy Gaines McQuaid, and Jacob Goldstein. We're edited by Lydia
Jane Kott. Our engineers are Sarah Bruguerer and Ben Tolliday.
(40:07):
Theme song by Gramoscope. Special thanks to the eight Bar
and IBM teams, as well as the Pushkin Marketing team.
Smart Talks with IBM is a production of Pushkin Industries
and Ruby Studio at iHeartMedia. To find more Pushkin podcasts,
listen on the iHeartRadio app, Apple Podcasts, or wherever you
listen to podcasts. I'm Malcolm Glapham. This is a paid
(40:31):
advertisement from IBM. The conversations on this podcast don't necessarily
represent IBM's positions, strategies, or opinions,
TechStuff News
Hosts And Creators
Oz Woloshyn
Karah Preiss
Popular Podcasts
United States of Kennedy
United States of Kennedy is a podcast about our cultural fascination with the Kennedy dynasty. Every week, hosts Lyra Smith and George Civeris go into one aspect of the Kennedy story.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com