Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘predictive analytics’ Category

Batten Down The Hatches! IBM’s X-Force 2012 Trend And Risk Report

leave a comment »

It’s been a busy year for IT security incidents. Yesterday, John Markoff and Nicole Perlroth with The New York Times told us about yet another incident, this time a cyberattack involving antispam group Spamhaus and an anonymous group unhappy with their efforts.

Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosedin 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.

Click to enlarge. Based on disclosed incident details such as the vulnerability used and attack type, IBM X-Force was able to determine that the majority of the security incidents disclosed in 2012 were carried out by the top left quadrant above, with attackers going after a broad target base while using off-the-shelf tools and techniques. This can be attributed to the wide public availability of toolkits, and to the large number of vulnerable web applications that exist on the Internet.

But the list goes on and on. From the discovery of sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities, both consumers and corporations have been inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents—which had already hit a new high in 2011—continued their upward trajectory.

At the mid-year of 2012, IBM’s X-Force team predicted that the explosive nature of attacks and security breaches seen in the first half would continue. Indeed this was the case. While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection.

What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives. Integration of mobile devices into the enterprise continues to be a challenge. In the previous report, X-Force looked at some of the pitfalls and perils of implementing BYOD programs without strict formulations of policy and governance to support the use of these devices.

That said, recent developments have indicated that while these dangers still exist, and X-Force believes mobile devices should be more secure than traditional user computing devices by 2014. While this prediction may seem far fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.

In its latest report, X-Force explores how security executives are advocating the separation of personas or roles on employee-owned devices. It also addresses some secure software mobile application development initiatives that are taking place today. The distribution and installation of malware on end-user systems has been greatly enabled by the use of Web browser exploit kits built specifically for this purpose.

The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed,they have become a favorite target of scam and phishing.

Click to enlarge. The intense proliferation of social networking across the Internet poses new challenges to companies that need to control the sharing of confidential information. Any employee that has access to the Internet is going to be exposed to social networking sites and because they are so frequently accessed,
they have become a favorite target of scam and phishing.

Exploit kits first began to appear in 2006 and are provided or sold by their authors to attackers that want to install malware on a large number of systems.  They continue to be popular because they provide attackers a turnkey solution for installing malware on end-user systems.

Java vulnerabilities have become a key target for exploit kits as attackers take advantage of three key elements: reliable exploitation, unsandboxed code execution, and cross-platform availability across multiple operating systems. Java exploits have become key targets in 2012 and IBM X-Force predicts this attack activity to continue into 2013.

As X-Force also reported in the mid-year, spam volume remained nearly flat in 2012, with India claiming the top country of origin for spam distribution, but the nature of spam is changing. Broadly targeted phishing scams, as well as more personalized spear-phishing efforts continue to fool end users with crafty social-engineering email messages that look like legitimate businesses. Also, fake banking alerts and package delivery service emails have been effective as attackers refine their messages to look like the authentic messages that customers might normally receive.

Whether the target is individuals or the enterprise, once again, X-Force reminds organizations that many breaches were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice.

Web applications are still topping the chart of most disclosed vulnerabilities, rising 14% in 2012 over the 2011 end of year numbers. As reported earlier in the mid-year report, cross-site scripting (XSS) dominated the web vulnerability disclosures at 53% of all publicly released vulnerabilities. Although SQL injection attack methods remain as a top attack technique, the actual disclosures of new SQL injection vulnerabilities remain lower than the 2010 peak X-Force recorded.

Social media has dramatically changed our lives with new ways to connect, personally and professionally. From this constant availability of information about individuals, attackers can readily access data to use in their activities.

Now, more than ever, individual employees who share personal details in their social profiles can be targeted for attacks.

The values for the evaluated threat and residualthreat can be determined by comparing thelikelihood or frequency of a threat occurring (high,medium, low) against the damage impact that couldhappen if the threat occurred (catastrophic, high,medium, low). The goal is to implement mitigationprocesses that either reduce the frequency of thethreat occurring or reduce the impact if the threatdoes occur. A requirement for this to be successful is to have aspecific, designated monitoring mechanism to monitorthe implementation of the treatment processes andfor the appearance of the threats. This monitoringmechanism should be monitored and alerts should beresponded to. It does no good to have network-basedanti-virus consoles gathering information about virusalerts across the network, if nobody is assigned tomonitor the console and respond to those alerts.Monitoring and responding is part of the mitigationprocess. (An example threat assessment and riskmitigation process chart is provided below, thoughthe IR team may identify a greater list.)

Click to enlarge. The values for the evaluated threat and residual threat can be determined by comparing the likelihood or frequency of a threat occurring (high, medium, low) against the damage impact that could happen if the threat occurred (catastrophic, high, medium, low). The goal is to implement mitigation processes that either reduce the frequency of the threat occurring or reduce the impact if the threat does occur. A requirement for this to be successful is to have a specific, designated monitoring mechanism to monitor the implementation of the treatment processes and for the appearance of the threats.

2012 X-Force Trend And Risk Report Highlight

Malware and the malicious web

  • In 2012, near daily leaks of private information about victims were announced like game scoreboards through tweets and other social media. Personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers were put on public display.
  • Based on data for 2012, it is not surprising that the bulk of the security incidents disclosed were carried out with the majority of attackers going after a broad target base while using off-the-shelf tools and techniques. X-Force attributes this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
  • The year began and ended with a series of politically motivated, high-profile DDoS attacks against the banking industry. An interesting twist to the banking DDoS attacks was the implementation of botnets on compromised web servers residing in high bandwidth data centers. This technique assisted in much higher connected uptime as well as having more bandwidth than home PC’s to carry out the attacks. In the sampling of security incidents from 2012, the United States had the most breaches, at 46%. The United Kingdom was second at 8% of total incidents, with Australia and India tied for third at 3%.
  • IBM Managed Security Services (MSS) security incident trends are markers that represent the state of security across the globe. The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2012 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.
  • IBM MSS has noted a dramatic and sustained rise in SQL injection-based traffic due, in large part, to a consistent effort from the Asia Pacific region. The alerts came from all industry sectors, with a bias toward banking and finance targets.
  • Web browser exploit kits (also known as exploit packs) are built for one particular purpose: to install malware on end-user systems. In 2012 X-Force observed an upsurge in web browser exploit kit development and activity—the primary target of which are Java vulnerabilities—and X-Force supplies some strategies and tips to help protect against future attacks (see end of post to download full report).
  • Java continues to be a key target for attackers. It has the advantage of being both cross-browser and cross-platform—a rare combination that affords attackers a lot of value for their investment. Web content trends, spam, and phishing Web content trends Top used websites are readily deployed as IPv6- ready, although attackers do not yet seem to be targeting IPv6 on a large scale.
  • One third of all web access is done on websites which allow users to submit content such as web applications and social media.
  • Nearly 50% of the relevant websites now link to a social network platform, and this intense proliferation poses new challenges to companies that need to control the sharing of confidential information.

Spam and phishing

  • Spam volume remained nearly flat in 2012.
  • India remains the top country for distributing spam, sending out more than 20% of all spam in the autumn of 2012. Following India was the United States where more than 8% of all spam was generated in the second half of the year. Rounding out the top five spam sending countries of origin were Vietnam, Peru, and Spain.
  • At the end of 2012, IBM reports that traditional spam is on the retreat, while scam and spam containing malicious attachments is on the rise. In addition, attackers are demonstrating more resiliency to botnet take downs which results in an uninterrupted flow of spam volume.

Operational Security Practices

Vulnerabilities and exploitation

  • In 2012, there were over 8,168 publicly disclosed vulnerabilities. While not the record amount X-Force expected to see after reviewing its mid-year data, it still represents an increase of over 14% over 2011.
  • Web application vulnerabilities surged 14% from 2,921 vulnerabilities in 2011 to 3,551 vulnerabilities in 2012.
  • Cross-site scripting vulnerabilities accounted for over half of the total web application vulnerabilities disclosed in 2012. Cross-site scripting dominated the web vulnerability disclosures. Fifty-three percent of all publicly released web application vulnerabilities were cross-site scripting related. This is the highest rate X-Force has ever seen. This dramatic increase occurred while SQL injection vulnerabilities enjoyed a higher rate than 2011 but were still down significantly since 2010.
  • There were 3,436 public exploits in 2012. This is 42% of the total number of vulnerabilities, up 4% from 2011 levels.
  • Web browser vulnerabilities declined slightly for 2012, but not at as high a rate as document format issues. While the overall number of web browser vulnerabilities dropped by a nominal 6% from 2011, the number of high- and critical severity web browser vulnerabilities saw an increase of 59% for the year.
  • Few innovations have impacted the way the world communicates quite as much as social media. However, with the mass interconnection and constant availability of individuals, new vulnerabilities and a fundamental shift in intelligence-gathering capabilities has provided attackers and security professionals alike with information useful for enhancing their activities.
  • Rather than seeing a particular enterprise as an individual entity, attackers can view enterprises as a collection of personalities. This gives attackers the opportunity to target specific people rather than enterprise infrastructures or applications. Furthermore, targeted people may also be targeted as individuals and not just as employees. In other words, the personal activities and lives of employees can be leveraged to target an enterprise.

Emerging Trends In Security

Mobile

  • Prediction: Mobile computing devices should be more secure than traditional user computing devices by 2014. This is a bold prediction that IBM recently made as part of its look ahead in technology trends. While this prediction may seem far-fetched on the surface, it is based on security control trends and requirements that are being driven into the market by knowledgeable security executives.
  • Separation of personas or roles: While a small percentage of enterprises have dealt with BYOD by using virtualized desktop solutions to separate and control enterprise applications and data from the rest of the personally owned device, a greater number of enterprises have wanted or required some form of separation or dual persona on mobile devices. This difference in use or adoption could be the result of greater numbers of devices driving greater risk in the percentage of personally owned mobile devices versus personally owned PCs in a BYOD program.
  • In many cases, enterprises have made significant investments into implementing Secure Software Development Life Cycle (SSDLC) processes. Today’s mobile application development benefits from this. Tools exist to support secure development as part of the process instead of being conducted in qualification or production. As a result, it should be more common for enterprises to have more securely developed mobile applications than their existing legacy applications. Closure of vulnerabilities in some traditional computing applications may only conclude as existing versions are sunset and replaced with newer, more securely developed replacements.
  • Over 2012, it is safe to conclude that more enterprises are supporting BYOD or the use of personally owned devices than previously. In the last two years, IBM Security has spoken to hundreds of global 2000 customers and out of those interviewed, only three said they had no plans to implement any kind of BYOD program.

To learn more on how your organization can work to address these types of vulnerabilities, download the full IBM X-Force 2012 Trend And Risk Report here.

Dr. Watson Finds Bedside Manner

leave a comment »

Back in September of 2011 I mentioned in this blog post that one of Watson’s first jobs outside of playing Jeopardy! was going to be in the healthcare industry.

Well, earlier today WellPoint, Inc. and Memorial Sloan-Kettering Cancer Center today unveiled the first commercially developed Watson-based cognitive computing breakthroughs.

These innovations stand alone to help transform the quality and speed of care delivered to patients through individualized, evidence based medicine.

Check out this short video to learn more about how physicians and other medical professionals are able to use IBM’s Watson technology to help them with their medical diagnostic tasks.

The American Cancer Society projects that 1.6 million new cancer cases will be diagnosed in the U.S. this year alone.  Studies suggest that the complexities associated with healthcare have caused one in five health care patients to receive a wrong or incomplete diagnosis.

These statistics, coupled with a data explosion of medical information that is doubling every five years, represents an unprecedented opportunity for the health care industry and next generation cognitive computing systems, to combine forces in new ways to improve how medicine is taught, practiced and paid for.

For more than a year now, IBM has partnered separately with WellPoint and Memorial Sloan-Kettering to train Watson in the areas of oncology and utilization management.

During this time, clinicians and technology experts spent thousands of hours “teaching” Watson how to process, analyze and interpret the meaning of complex clinical information using natural language processing, all with the goal of helping to improve health care quality and efficiency.

“IBM’s work with WellPoint and Memorial Sloan-Kettering Cancer Center represents a landmark collaboration in how technology and evidence based medicine can transform the way in which health care is practiced,” said Manoj Saxena, IBM General Manager, Watson Solutions (see my interview with Manoj at last fall’s InterConnect event in Singapore further down in the post).

“These breakthrough capabilities bring forward the first in a series of Watson-based technologies, which exemplifies the value of applying big data and analytics and cognitive computing to tackle the industries most pressing challenges.”

Evidence Based Medicine: Addressing Oncology Issues By Quickly Assimilating Massive Amounts Of Medical Information

To date, Watson has ingested more than 600,000 pieces of medical evidence, two million pages of text from 42 medical journals and clinical trials in the area of oncology research.

Watson has the power to sift through 1.5 million patient records representing decades of cancer treatment history, such as medical records and patient outcomes, and provide to physicians evidence based treatment options all in a matter of seconds.

In less than a year, Memorial Sloan-Kettering has immersed Watson in the complexities of cancer and the explosion of genetic research which has set the stage for changing care practices for many cancer patients with highly specialized treatments based on their personal genetic tumor type.

Starting with 1,500 lung cancer cases, Memorial Sloan-Kettering clinicians and analysts are training Watson to extract and interpret physician notes, lab results and clinical research, while sharing its profound expertise and experiences in treating hundreds of thousands of patients with cancer.

“It can take years for the latest developments in oncology to reach all practice settings. The combination of transformational technologies found in Watson with our cancer analytics and decision-making process has the potential to revolutionize the accessibility of information for the treatment of cancer in communities across the country and around the world,” said Craig B.Thompson, M.D., President of Memorial Sloan-Kettering Cancer Center. “Ultimately, we expect this comprehensive, evidence-based approach will profoundly enhance cancer care by accelerating the dissemination of practice-changing research at an unprecedented pace.”

The Maine Center for Cancer Medicine and WESTMED Medical Group are the first two early adopters of the capability. Their oncologists will begin testing the product and providing feedback to WellPoint, IBM and Memorial Sloan-Kettering to improve usability.

Speeding Patient Care Through WellPoint’s Utilization Management Pilot

Throughout WellPoint’s utilization management pilot, Watson absorbed more than 25,000 test case scenarios and 1,500 real-life cases, and gained the ability to interpret the meaning and analyze queries in the context of complex medical data and human and natural language, including doctors notes, patient records, medical annotations and clinical feedback.

In addition, more than 14,700 hours of hands-on training was spent by nurses who meticulously trained Watson. Watson continues to learn while on the job, much like a medical resident, while working with the WellPoint nurses who originally conducted its training.

Watson started processing common, medical procedure requests by providers for members in WellPoint affiliated health plans in December, and was expanded to include five provider offices in the Midwest. Watson will serve as a powerful tool to accelerate the review process between a patient’s physician and their health plan.

“The health care industry must drive transformation through innovation, including harnessing the latest technology that will ultimately benefit the health care consumer,” said Lori Beer, WellPoint’s executive vice president of Specialty Businesses and Information Technology. “We believe that WellPoint’s data, knowledge and extensive provider network, combined with the IBM Watson technology and Memorial Sloan-Kettering’s oncological expertise can drive this transformation.”

Watson-Powered Health Innovations

As a result, IBM, Memorial Sloan-Kettering and WellPoint are introducing the first commercially based products based on Watson. These innovations represent a breakthrough in how medical professionals can apply advances in analytics and natural language processing to “big data,” combined with the clinical knowledge base, including genomic data, in order to create evidence based decision support systems.

These Watson-based systems are designed to assist doctors, researchers, medical centers, and insurance carriers, and ultimately enhance the quality and speed of care.  The new products include the Interactive Care Insights for Oncology, powered by Watson, in collaboration with IBM, Memorial Sloan-Kettering and WellPoint.

The WellPoint Interactive Care Guide and Interactive Care Reviewer, powered by Watson, designed for utilization management in collaboration with WellPoint and IBM.

New Interactive Care Insights for Oncology  

  • The cognitive systems use insights gleaned from the deep experience of Memorial Sloan-Kettering clinicians to provide individualized treatment options based on patient’s medical information and the synthesis of a vast array of updated and vetted treatment guidelines, and published research.
  • A first of-its-kind Watson-based advisor, available through the cloud, that is expected to assist medical professionals and researchers by helping to identify individualized treatment options for patients with cancer, starting with lung cancer.
  • Provides users with a detailed record of the data and information used to reach the treatment options. Oncologists located anywhere can remotely access detailed treatment options based on updated research that will help them decide how best to care for an individual patient.

New WellPoint Interactive Care Guide and Interactive Care Reviewer 

  • Delivers the first Watson-based cognitive computing system anticipated to streamline the review processes between a patient’s physician and their health plan, potentially speeding approvals from utilization management professionals, reducing waste and helping ensure evidence-based care is provided.
  • Expected to accelerate accepted testing and treatment by shortening pre-authorization approval time, which means that patients are moving forward with the first crucial step toward treatment more quickly.
  • Analyzes treatment requests and matches them to WellPoint’s medical policies and clinical guidelines to present consistent, evidence-based responses for clinical staff to review, in the anticipation of providing faster, better informed decisions about a patient’s care.
  • WellPoint has deployed Interactive Care Reviewer to a select number of providers in the Midwest, and believes more than 1,600 providers will be using the product by the end of the year.

Watson: Then and Now

The IBM Watson system gained fame by beating human contestants on the television quiz show Jeopardy! almost two years ago. Since that time, Watson has evolved from a first-of-a-kind status,  to a commercial cognitive computing system gaining a 240 percent improvement in system performance,  and a reduction in the system’s physical requirements by 75 percent and can now be run on a single Power 750 server.

The transformational technology, named after IBM founder Thomas J. Watson, was developed in IBM’s Research Labs. Using advances in natural language processing and analytics, the Watson technology can process information similar to the way people think, representing a significant shift in the ability for organizations to quickly analyze, understand and respond to vast amounts of Big Data.

The ability to use Watson to answer complex questions posed in natural language with speed, accuracy and confidence has enormous potential to improve decision making across a variety of industries from health care, to retail, telecommunications and financial services.

For more information on IBM Watson, please visit www.ibmwatson.com.

You can also follow Watson on Facebook here, and via Twitter at hashtag #IBMWatson.

And below, you can see the aforementioned video where I interviewed IBM Watson general manager Manoj Saxena about Watson’s future at last year’s IBM InterConnect event.

The Vindication Of Nate Silver

leave a comment »

I was all set to write a closer examination of statistician and blogger Nate Silver’s most recent election predictions, a ramp up to during which he was lambasted by a garden variety of mostly conservative voices for either being politically biased, or establishing his predictions on a loose set of statistical shingles.

Only to be informed that one of my esteemed colleagues, David Pittman, had already written such a compendium post.  So hey, why reinvent the Big Data prediction wheel?

Here’s a link to David’s fine post, which I encourage you to check out if you want to get a sense of how electoral predictions provide an excellent object lesson for the state of Big Data analysis. (David’s post also includes the on-camera interview that Scott Laningham and I conducted with Nate Silver just prior to his excellent keynote before the gathered IBM Information On Demand 2012 crowd.)

I’m also incorporating a handful of other stories I have run across that I think do a good job of helping people better understand the inflection point for data-driven forecasting that Silver’s recent endeavor represents, along with its broader impact in media and punditry.

They are as follows:

 “Nate Silver’s Big Data Lessons for the Enterprise”

 “What Nate Silver’s success says about the 4th and 5th estates”

“Election 2012: Has Nate Silver destroyed punditry?” 

Nate Silver After the Election: The Verdict

As Forbes reporter wrote in his own post about Silver’s predictions, “the modelers are here to stay.”

Moving forward, I expect we’ll inevitably see an increased capability for organizations everywhere to adopt Silver’s methodical, Bayesian analytical strategies…and well beyond the political realm.

Live @ Information On Demand 2012: Craig Rhinehart On Predictive Healthcare

leave a comment »

I made it back to Austin late last night, mostly no worse for the wear.

There were a number of key announcements made at Information On Demand 2012 over the course of the past few days in Las Vegas.

One of those that I mentioned in one of my keynote post summaries was IBM Patient Care and Insights, new analytics software based on innovations from IBM Labs that helps healthcare organizations improve patient care and lower operational costs by considering the specific health history of each individual patient.

This is a fascinating new capability with profound implications for healthcare providers.

The new IBM solution provides the core capabilities for devising predictive models of various health conditions, which can be used to identify early intervention opportunities to improve the patient’s outlook by minimizing or avoiding potential health problems.

It features advanced analytics and care management capabilities to help identify early intervention opportunities and coordinate patient care.

Providing Individualized Care

At the core of IBM Patient Care and Insights, developed by IBM’s software, research and services teams, are similarity analytics that help drive smart, individualized care delivery.

Born in IBM Research, IBM similarity analytics is a set of core capabilities and algorithms that allow healthcare professionals to examine thousands of patient characteristics at once — including demographic, social, clinical and financial factors along with unstructured data such as physicians’ notes — to generate personalized evidence and insights, and then provide care according to personalized treatment plans.

By way of example, physicians can make personalized recommendations to improve a patient’s outcome by finding other patients with similar clinical characteristics to see what treatments were most effective or what complications they may have encountered.

They can also perform patient-physician matching so an individual is paired with a doctor that is optimal for a specific condition. With this solution, caregivers can better tap into the collective memory of the care delivery system to uncover new levels of tailored insight or “early identifiers” from historical/long term patient data that enable doctors and others to help manage a patient’s healthcare needs well into the future.

Craig Rhinehart, director for IBM’s ECM Strategy and Market Development organization, sat down with Scott Laningham and I earlier this week to describe the challenges facing health care, and how the IBM Patient Care and Insights can help improve health care by delivering dynamic case-based, patient-centric electronic care plans and population analysis.

Go here for more information on IBM Patient Care and Insights and IBM Intelligent Investigation Manager.

Live @ Information On Demand 2012: A Q&A With Nate Silver On The Promise Of Prediction

with 2 comments

Day 3 at Information On Demand 2012.

The suggestion to “Think Big” continued, so Scott Laningham and I sat down very early this morning with Nate Silver, blogger and author of the now New York Times bestseller, “The Signal and the Noise” (You can read the review of the book in the Times here).

Nate, who is a youngish 34, has become our leading statistician through his innovative analyses of political polling, but made his original name by building a widely acclaimed baseball statistical analysis system called “PECOTA.”

Today, Nate runs the award-winning political website FiveThirtyEight.com, which is now published in The New York Times and which has made Nate the public face of statistical analysis and political forecasting.

In his book, the full title of which is “The Signal and The Noise: Why Most Predictions Fail — But Some Don’t,” Silver explores how data-based predictions underpin a growing sector of critical fields, from political polling to weather forecasting to the stock market to chess to the war on terror.

In the book, Nate poses some key questions, including what kind of predictions can we trust, and are the “predicters” using reliable methods? Also, what sorts of things can, and cannot, be predicted?

In our conversation in the greenroom just prior to his keynote at Information On Demand 2012 earlier today, Scott and I probed along a number of these vectors, asking Nate about the importance of prediction in Big Data, statistical influence on sports and player predictions (a la “Moneyball”), how large organizations can improve their predictive capabilities, and much more.

It was a refreshing and eye-opening interview, and I hope you enjoy watching it as much as Scott and I enjoyed conducting it!

(Almost) Live @ Information On Demand 2012: A Q&A With IBM’s Jeff Jonas

with 2 comments

Jeff Jonas sat down last evening with Scott and I in the Information On Demand 2012 Solutions EXPO to chat about privacy in the Big Data age, and also gave a sneak look into the new “Context Accumulation” technology he’s been working on.

You really ought to get to know IBM’s Jeff Jonas.

As chief scientist of the IBM Entity Analytics group and an IBM Distinguished Engineer, Jeff has been instrumental in driving the development of some ground-breaking technologies, during and prior to IBM’s acquisition of his company, Systems Research & Development (SRD), which Jonas founded in 1984.

SRD’s technology included technology used by the surveillance intelligence arm of the gaming industry, and leveraged facial recognition to protect casinos from aggressive card counting teams (never mind the great irony that IBM’s Yuchun Lee was once upon a time one of those card counters — I think we need to have an onstage interview between those two someday, and I volunteer to conduct it!)

Today, possibly half the casinos in the world use technology created by Jonas and his SRD team, work frequently featured on the Discovery Channel, Learning Channel, and the Travel Channel.

Following an investment in 2001 by In-Q-Tel, the venture capital arm of the CIA, SRD also played a role in America’s national security and counterterrorism mission. One such contribution includes a unique analysis of the connections between the 9/11 terrorists.

This “link analysis” is so unique that it is taught in universities and has been the widely cited by think tanks and the media, including an extensive one-on-one interview with Peter Jennings for ABC PrimeTime.

Following IBM’s acquisition of SRD, these Jonas-inspired innovations continue to create big impacts on society, including the arrest of over 150 child pornographers and the prevention of a national security risk poised against a significant American sporting event.

This technology also assisted in the reunification of over 100 loved ones separated by Hurricane Katrina and at the same time was used to prevent known sexual offenders from being co-located with children in emergency relocation facilities.

Jonas is also somewhat unique as a technologist in that he frequently engages with those in the privacy and civil liberties community. The essential question: How can government protect its citizens while preventing the erosion of long-held freedoms like the Fourth Amendment? With privacy in mind, Jonas invented software which enables organizations to discover records of common interest (e.g., identities) without the transfer of any privacy-invading content.

That’s about where we start this interview with Jeff Jonas, so I’ll let Scott and myself take it from there…

IBM Announces New Security Solutions, Focuses On Cloud, Mobile, Big Data

leave a comment »

Today, IBM made a move designed to reduce the biggest security inhibitors that organizations face in implementing cloud, mobile and big data initiatives with the announcement of a broad set of security software to help holistically secure data and identities.

I blogged about IBM’s 2012 Global Reputational Risk and IT Study recently, the headline of which was this: Managing reputational risk is crucial to many organization’s business, and managing IT is a major part of their efforts.

I also interviewed Brendan Hannigan, the general manager of IBM’s Security Systems Division, at IBM InterConnect last week about some of these critical security matters.

Today, IBM made a move designed to reduce the biggest security inhibitors that organizations face in implementing cloud, mobile and big data initiatives with the announcement of a broad set of security software to help holistically secure data and identities.

New IBM Security Solutions

IBM’s new software capabilities help clients better maintain security control over mobile devices, mitigate internal and external threats, reduce security risks in cloud environments, extend database security to gain real-time insights into big data environments such as Hadoop, and automate compliance and data security management.

Along with IBM Security Services and IBM’s world-class research capabilities, this set of scalable capabilities supports a holistic, proactive approach to security threats spanning people, data, applications and infrastructure.

“A major shift is taking place in how organizations protect data,” said Brendan Hannigan, General Manager, IBM Security Systems. “Today, data resides everywhere—mobile devices, in the cloud, on social media platforms. This is creating massive amounts of data, forcing organizations to move beyond a traditional siloed perimeter to a multi-perimeter approach in which security intelligence is applied closer to the target.”

IBM is unveiling ten new products and enhancements to help organizations deliver real time security for big data, mobile and cloud computing.

Real Time Security for Big Data Environments 

State of the art technologies including Hadoop based environments have opened the door to a world of possibilities. At the same time, as organizations ingest more data, they face significant risks across a complex threat landscape and they are subject to a growing number of compliance regulations.

With today’s announcement, IBM is among the first to offer data security solutions for Hadoop and other big data environments.

Specifically, Guardium now provides real time monitoring and automated compliance reporting for Hadoop based systems such as InfoSphere BigInsights and Cloudera.

Highlighted data security solutions:

NEW: IBM InfoSphere Guardium for Hadoop

ENHANCED: IBM InfoSphere Optim Data Privacy

ENHANCED: IBM Security Key Lifecycle Manager

To learn more about the data security portfolio go here.

Mobile Security: Improving Access and Threat Protection

Today IBM is also announcing risk-based authentication control for mobile users, integration of access management into mobile application development and deployment as well as enhanced mobile device control.

IBM is also announcing a comprehensive Mobile Security Framework to help organizations develop an adaptable security posture to protect data on the device, at the access gateway and on the applications.

Highlighted mobile security solutions:

NEW: IBM Security Access Manager for Cloud and Mobile

ENHANCED: IBM Endpoint Manager for Mobile Devices

Go here to learn more about specific mobile security product attributes.

Cloud Security: From Inhibitor To Enabler

While the cloud can increase productivity with anywhere, anytime information access, it can also introduce additional challenges for enterprise security.

IBM today is announcing security portfolio enhancements designed to address these new challenges, providing improved visibility and increased levels of automation and patch management to help demonstrate compliance, prevent unauthorized access and defend against the latest threats using advanced security intelligence.

With IBM’s new SmartCloud for Patch Management solution, patches are managed automatically regardless of location and remediation cycles are reduced from weeks to hours thereby reducing security risks.

Additionally, IBM is announcing enhancements to its QRadar Security Intelligence Platform that provides a unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and security related data from distributed locations, using the cloud to obtain greater insight into enterprise-wide activity and enable better-informed business decisions.

The new IBM Security Privileged Identity Manager is designed to proactively address the growing insider threat concerns and help demonstrate compliance across the organization.

IBM Security Access Manager for Cloud and Mobile which provides enhanced federated single sign-on to cloud applications is now available with improved out-of-the-box integration with commonly adopted SaaS applications and services.

Highlighted cloud security solutions:

NEW: IBM SmartCloud for Patch Management

NEW: IBM Security Access Manager for Cloud and Mobile

NEW: IBM Security Privileged Identity Manager

ENHANCED: QRadar SIEM and QRadar Log Manager

Visit here to learn more about specific cloud security product attributes, please visit

Enhanced Mainframe Security Capabilities

In addition, IBM is announcing mainframe security capabilities that enhance enterprise-wide security intelligence based on QRadar security solution integration that provides real time alerts and audit reporting.

The mainframe offers Common Criteria Evaluation Assurance Level 5+ (EAL 5+) certification for logical partitions, providing a platform for consolidating systems, helping protect private clouds, and helping secure virtualized environment.

New IBM Security zSecure improvements help to reduce administration overhead, automate compliance reporting, enforce security policy, and pro-actively detect threats.

Highlighted zSecure security solutions:

ENHANCED: IBM Security zSecure

Through IBM Global Financing, credit-qualified clients can take advantage of 0% interest for 12 months on qualifying IBM Security products and solutions.

About IBM Security 

With more than 40 years of security development and innovation, IBM has breadth and depth in security research, products, services and consulting.

IBM X-Force is a world-renowned team that researches and evaluates the latest security threats and trends. This team analyzes and maintains one of the world’s most comprehensive vulnerability databases and develops countermeasure technologies for IBM’s security offerings to help protect organizations ahead of the threat.

IBM has 10 worldwide research centers innovating security technology and nine security operations centers around the world to help global clients maintain an appropriate security posture.

IBM Managed Security Services delivers the expertise, tools and infrastructure to help clients secure their information assets against attacks, often at a fraction of the cost of in-house security resources.

The Institute for Advanced Security is IBM’s global initiative to help organizations better understand and respond to the security threats to their organization. Visit the Institute community at www.instituteforadvancedsecurity.com.

Santa’s Virtual Elves

leave a comment »

I’ll be jetting off to Singapore early in the A.M. for the IBM InterConnect event, where I’ll be both blogging and broadcasting (via LiveStream and YouTube), interviewing a variety of IBM execs, partners, and clients.

Tune your TweetDeck now to hashtag #ibminterconnect to keep track of the festivities.  The event officially kicks off next Tuesday, October 9th.

As I was scanning my newsfeeds to catch up on what I’ve been missing all day while preparing for all those interviews, I saw that Facebook reached 1 billion users, although some of their recent moves, including the alteration of their algorithm to minimize brand page posts being seen by those who have opted in to “liking” that page, may start sending those numbers due south.

I also discovered that Microsoft is slated to launch its new Surface tablet at midnight on October 26th.

Midnight?  Really??  You guys couldn’t come up with something more original than that? 12:15, maybe? Or 12:30, even?

Sorry, dudes, I’m all tabletted out, although I will be keeping an eye on the horizon to see what gives with the iPad Mini.

Speaking of holiday shopping, the National Retail Federation released some important holiday shopping forecasts earlier this week that bear sharing.

The NRF’s 2012 holiday forecast expects sales will increase this season by 4.1 percent ($586.1 billion), well above the 10-year holiday average, but behind the 2011 season of 5.6 percent.

To which I say, “Bah, Humbug.” I do most ALL my holiday shopping online, so I’ll be doing my personal best to get those numbers up.  And I expect to pick up a few IBM “Smarter Commerce” tricks of the trade at the sessions next week in Singapore, which I’ll share.

Although I am inclined to show up on Black Friday to run at Wal-Mart with the mortar shopping “bulls!” Nothing like a little full contact holiday shopping, taking down a few eager shoppers to grab that last “Tickle Me Elmo!”

Kidding!

All these holiday tidings come just ahead of today’s news by Thomson Reuters, which reported that back-to-school sales growth slowed in September after “a strong August,” according to The New York Times “Economy” section.

Little Johnny don’t need no more pencils, Mom.  Get in line and buy that kid a Nexus 7!

But the story doesn’t end there.

AlixPartners’ Joel Bines is also quoted in the story as saying this doesn’t necessarily bode badly for the holiday shopping season, as no “conclusive” ten-year correlation between back-to-school and holiday sales seems evident.

As for me, as I fly Eastward, I’m going to have to start giving some serious consideration to my own Christmas holiday shopping list for Santa.

Of course, I’ve been extremely bad this year, which is par for the course, but hey, it never hurts to ask!

Next stop, Singapore, where I hope NOT to participate in any caning demonstrations.

But keep an eye out on YouTube just in case.

Thinking Big @ Information On Demand 2012

leave a comment »

Nate Silver, author of the blog “FiveThirtyEight,” will be one of the featured keynote speakers at this year’s IBM Information On Demand 2012 event in Las Vegas, Nevada, October 21-25. Silver correctly predicted the results of the primaries and the U.S. presidential winner in 2008 in 49 states through his statistical analysis of polling data, and at IOD will explain how to distinguish real signals from noisy data as well as how predictive analytics is used in politics.

That annual festouche and gathering of all things data is just around the corner.

Yes, that’s right, it’s almost time for IBM Information on Demand 2012.

So in order to start the drumbeat, I wanted to take a few moments and point you to some useful resources as you prepare to make your way to the Bay of Mandalay, and to optimize your time on the ground in Vegas.

First, the new (and official) IBM Information on Demand blog, which you can find here.

The blog includes easy access to some of the social media channels that will be covering the event (including Facebook, Twitter, LinkedIn and YouTube).

Of course, never forget the official IOD hashtag, #ibmiod, where you’ll be able to follow the endless stream of tidings leading up to, during, and after the event.

The blog also has links off to the IOD 2012 registration engine, as well as to the IOD SmartSite so you can start thinking about your IOD calendar now (I do NOT advise waiting until the last minute…talk about information overload!)

We’ve got some exciting guest speakers this year, including Nate Silver, statistics blogging extraordinaire who first found fame with his “FiveThirtyEight” blog, which is now part of The New York Times family of media properties.

Silver analyzes politics the way most of us should be analyzing our business: Through data…and lots of it.

His analysis of political polling data is unparalleled, and in the 2008 U.S. presidential election, Silver correctly predicted the results of the primaries and the presidential winner in 49 states.

His recent book, “The Signal and The Noise: Why Most Predictions Fail — But Some Don’t,” explores the world of prediction, “investigating how we can distinguish a true signal from a universe of noisy data.” Silver tackles some of the big questions about big data, so we’re very excited to have him join us in Vegas for IBM’s own big data marathon event.

At this year’s event, we’ll continue our trend of including tracks for specialized areas of interest, including forums for Information Management, Business Analytics, Business Leadership, and Enterprise Content Management.

And, of course, you’ll be able to find Scott Laningham and myself down in the EXPO center, where we’ll be talking to and interviewing many of the IBM and industry luminaries on the important data-related topics being discussed at the event.

Speaking of data, this will be my seventh IOD in a row, so I’m looking forward to seeing many of you once again.

Meanwhile, keep an eye here on the Turbo blog for future IOD-relevant posts.

Boxed In In Bangalore: Analyzing Sentiment On Indian Traffic Congestion

leave a comment »

Click to enlarge. With a population of more than 1.2 billion, India is projected to be the world’s most populous country by 2025. By 2050, it is estimated that India’s urban population will constitute nearly half of that country’s total population, straining an already stressed infrastructure. The good news: Urbanization is an indicator of positive economic development. With improved urban planning, India can tackle urbanization challenges and increasing population to create a country that is poised for sustainable growth.

We heard a number of discussions about the potential for social listening intelligence last week at the Smarter Commerce Global Summit in Orlando.

This is an area I’ve been involved in within the IBM team for several years now, starting with some early explorations for how social data could be informative for our marketing efforts stretching all the way back to 2008.

It’s been exciting to watch this space evolve and mature, and with the advent of the IBM Social Sentiment index, we’re starting to see very practical uses of social data for better understanding if not the wisdom, then certainly the perspectives, of the crowd.

Yesterday, IBM held a Smarter Cities Forum in New Delhi, India, where we unveiled a new social sentiment capability to assist our customers in their Smarter Cities engagements.

We also unveiled findings from the latest IBM Social Sentiment Index on traffic, which looked at public sentiment across India’s largest cities — Bangalore, New Delhi and Mumbai.

Boxed In In Bangalore

If you’ve never experienced traffic in India, you can get a taste of the Sunday traffic in this video I shot during my first visit in June 2010.

But the recent analysis of publically available social media showed that the worst congestion in India is primarily caused by accidents and bad weather (three out of four times) when looking at the three cities together.

It also indicated some interesting variations between the three. For example, social conversation in Mumbai about stress around traffic is about half as high as Bangalore and New Delhi; references to the impact of rush hour on congestion in New Delhi are between five and seven times more negative than in Bangalore and Mumbai.

With a wealth of online content and public commentary on social channels such as Twitter and Facebook, city officials need new ways to measure positive, neutral and negative opinions shared by citizens regarding important city issues.

IBM’s advanced analytics and natural language processing technologies used to analyze large volumes of public social media data in order to assess and understand citizen opinions are now available to city governments around the world via new capabilities delivered with the IBM Intelligent Operations Center (IOC) for Smarter Cities.

Making Cities Smarter: The IBM Intelligent Operations Center

The IOC — which combines IBM software and services to integrate city operations through a single dashboard view to help cities improve efficiency — is now augmented with social media analytics capabilities that will help city officials make more informed decisions by looking at unfiltered citizen attitudes and actions, distinguishing between sincerity and sarcasm and even predicting trends as they surface online.

Combining the knowledge that population will rapidly increase in Bangalore, New Delhi and Mumbai in the coming years, with sentiment on commuters’ preferred mode of transportation, could help these cities more accurately plan for needed investments in transportation infrastructure and its potential impact.

City officials could also gauge where public awareness campaigns need to be administered to shift commuters to different modes of transport in order to alleviate growing traffic congestion.

The IBM Social Sentiment Index on transportation in India’s three largest cities surfaced several insights including:

  • The top three factors impacting traffic congestion that citizens in each city talked about most online were diverse. Delhites chattered about public transportation, weather and the stress of commuting, while Bangaloreans show more concern for their overall driving experience, construction and parking issues, and Mumbaikars are talking about private transportation, accidents and pollution more often.
  • Conversation in Bangalore around parking is viewed three times more negatively than in the other cities. Despite recent infrastructure improvements, less pollution and a solid public transit system, Delhites are experiencing a far higher amount of stress (50 percent) than those in Mumbai (29 percent) or Bangalore (34 percent). Most likely, this can be explained by an uptick in rallies and weather events this year, as well as the recent power outage.
  • Surprisingly, sentiment on the topic of construction was relatively positive in Bangalore and New Delhi, and positive and negative sentiment on infrastructure in each was relatively even. Together, these may suggest that the transportation infrastructure improvements being made over the last two years in each city are beginning to positively impact citizens.
  • Analysis shows that the relative negative sentiment for rush hour (35 percent) is one of the key drivers impacting traffic in New Delhi, which may explain why citizens talk about stress significantly more than commuters in Mumbai or Bangalore.

By applying analytics capabilities to the area of social media sentiment, organizations are able to better understand public opinions, and city officials can gain additional insights in order to draw logical conclusions about where they should focus their attentions and resources.

For example:

  • Take Bangalore, the technology hub of India. Understanding that most commuters prefer private transportation despite negative sentiment around parking and construction may indicate that city officials should consider if it makes sense to advocate for more commuters to use mass transit and invest in infrastructure that will keep up with demand as more companies locate there.
  • Since Dehlite’s indicate that public transportation is the preferred mode of transportation, city officials could use this insight to study which areas have high ridership and less road traffic and then implement similar actions in highly congested areas.
  • In Mumbai, negative sentiment around traffic and weather at the peak of monsoon season (August) generated 5.5 times more chatter than in November. If the city could measure the fluctuation of public sentiment on these potential causes over time combined with specific weather data like rainfall or temperature, it might be able to better prepare to divert traffic during monsoon season or determine areas where a public safety campaign is needed.

“Like all rapidly growing cities across the world, there are infrastructure growing pains in many Indian cities,” said Guru Banavar, vice president and chief technology officer, Smarter Cities, IBM. “However, when city officials can factor public sentiment — positive, negative or otherwise — around city services like transportation, they can more quickly pinpoint and prioritize areas that are top of mind for their citizens. This could mean more targeted investment, improving a particular city service, more effective communication about a service that is offered, and even surfacing best practices and successful efforts that could be applied to other zones of a city.”

Methodology: IBM Cognos Consumer Insights And 168,000+ Discussions

Public social media content was analyzed by IBM Cognos Consumer Insight, which assessed 168,330 online discussions from September 2011 to September 2012 across social platforms including Twitter, Facebook, Blogs, Forums and News Sources and derived 54,234 High Value Snippets through a series of advanced filtration techniques for insight analysis.

The IBM Social Sentiment Index helps companies tap into consumer desires and make more informed decisions by looking at unfiltered consumer attitudes and actions, distinguishing between sincerity and sarcasm, and even predicting trends.

About the IBM Social Sentiment Index

The IBM Social Sentiment Index uses advanced analytics and natural language processing technologies to analyze large volumes of social media data in order to assess public opinions. The Index can identify and measure positive, negative and neutral sentiments shared in public forums such as Twitter, blogs, message boards and other social media, and provide quick insights into consumer conversations about issues, products and services.

Representing a new form of market research, social sentiment analyses offer organizations new insights that can help them better understand and respond to consumer trends. For more information about IBM Business Analytics go here.

You can also follow the conversation at #IBMIndex on Twitter.

For more information about IBM Smarter Cities go here, and follow the conversation at #smartercities on Twitter.

%d bloggers like this: