Techaisle Blog

In today's complex threat landscape, security is no longer an optional add-on but rather a fundamental requirement for businesses of all sizes. Lenovo's ThinkShield security platform addresses these needs with a multi-layered approach, providing robust protection from the supply chain to the cloud. This article will explore the key components of Lenovo ThinkShield, its benefits, and how it compares to the competition, HP.

Lenovo's ThinkShield security framework employs a multi-layered approach to safeguard devices throughout their lifecycle. The foundation rests on a Zero Trust Supply Chain, prioritizing the integrity of devices from their inception. This layer ensures that hardware components are genuine and free from tampering during manufacturing. Building upon this, the Below the OS layer focuses on firmware-level protection, encompassing critical components like the BIOS and enabling secure remote management capabilities. Finally, the OS-to-Cloud layer addresses specific security needs and provides comprehensive endpoint protection by integrating with various operating systems and cloud-based security services. This layered approach offers a robust defense against evolving threats by addressing security vulnerabilities at multiple levels, from the hardware to the cloud.

Zero Trust Supply Chain: Securing the Foundation

Zero Trust is a pivotal strategy in today's dynamic business landscape, particularly for mobile and remote workforces. As organizations increasingly rely on "systems of engagement" to connect with customers and suppliers and embrace cloud-centric IT delivery models, Zero Trust becomes crucial for achieving agility. However, the impact of cybersecurity extends beyond mere agility. Effective cybersecurity fosters rapid innovation and expedites market entry by enabling the secure utilization of data for critical insights without escalating business and compliance risks. Furthermore, robust cyber resilience is paramount for building resilient supply chains. This mitigates the impact of erratic pricing, delivery disruptions, and other vulnerabilities that can erode customer relationships, damage market share, and even threaten the viability of SMBs and midmarket businesses.

While Zero Trust provides a foundational framework for secure operations, its effectiveness hinges on the security of the individual devices that access and interact within this framework. Recognizing this, Lenovo prioritizes device security from its very inception. The foundation of this approach lies in its robust supply chain security, centered around the Trusted Supplier Program. This program involves a rigorous vetting and validation process for all partners and suppliers, ensuring the integrity of components even before they are integrated into Lenovo devices. A key component of this layer is "Build Assure," a unique offering that provides a comprehensive view of the components within a device at the point of manufacturing, further enhancing transparency and control over the device's security posture.

• Encrypted Snapshots: Build Assure takes an encrypted snapshot of the critical components within a device during manufacturing. The IT team can then use this snapshot to validate that the components are legitimate and have not been tampered with during the manufacturing or logistics process.
• Runtime Attestation: Lenovo has enhanced this offering to include runtime attestation. This allows IT teams to verify the integrity of device components not just at the point of delivery but also at any point after the device has been deployed. This feature is particularly valuable in today's hybrid and remote work environments, where devices can be exposed to various risks.
• Verification of Components: IT managers can confirm that all components are legitimate and have not been tampered with. This offers supply chain security and provides governance by verifying that components are correctly sourced.

SMB buyers are acutely aware of the threat cyber attacks pose to their businesses. The Techaisle SMB and Midmarket Security Adoption Trends survey of 2,035 IT and business decision-makers from SMB and upper midmarket firms found that nearly 30% of SMBs (1-999 employees) consider cyber attacks to be among the top three issues facing their business, with an additional 26% stating that it is the most pressing/critical IT issue facing their firms. However, less than half of the respondents were more optimistic, choosing one of three responses: “it is a critical issue, but we have established best practices to control cyber attacks,” “it is one of many different issues, and we are satisfied with our status,” or “cyber attacks are not a significant issue.”

Drilling down, we see that small businesses (1-99 employees) are less inclined to see cyber threats as a top-one IT issue or a top-three business issue; this likely arises from the fact that SMBs have less mature IT operations (meaning that many factors that are controlled in larger firms could represent top IT issues) and that they face a wide array of daily business challenges. The data showing that small businesses are likelier to have established best practices to control cyber attacks probably isn’t grounded in market reality: small businesses that handle security internally lack the resources needed to deploy optimal defenses.

However, those relying on a capable third party may reasonably claim to use best practices. Most worrying from this data, though, are the top two bars, indicating that 22% see cybersecurity as “one of many issues, and we are satisfied with our status,” with another 12% claiming that “cyber-attacks are not a significant issue.” There are small businesses – for example, individuals billing larger businesses for hourly labor – for whom cyber attacks wouldn’t represent a critical issue. However, the data shows that one-third of small businesses are unconcerned about cybersecurity. In contrast, independent studies show that most small businesses fail within six months of being breached. Techaisle thinks these businesses likely struggle to find financial justification for investments in meaningful cyber defense and instead persuade themselves that this is not a real business problem for them. Techaisle suspects that many of these firms are tuned into vulnerabilities associated with digital business practices and might be persuadable concerning the value of cybersecurity if issues and remedies were clearly and convincingly presented to them.

Core midmarket (100-999 employees) and upper midmarket (1000-4999 employees) businesses take a more proactive view of these issues. Approximately two-thirds of respondents in each group view cyber attacks as either their most critical IT issue or a top-three business issue, with the core midmarket group evenly split between these positions and the upper midmarket more likely to identify cyber as a top IT concern. More than 80% of these organizations are focused on establishing effective cyber defenses and should be viewed as prime candidates for effective solutions.

Should SMBs worry about cyber attacks?

The data above begs a related question: Is the lack of concern demonstrated by small businesses rooted in reality – is it the case that one-third of respondents don’t have much to fear from cyber-attacks?

I have been a regular attendee of IBM Think for many years. The recently held IBM Think 2023 was a defining moment in more ways than one. First, IBM presented a cohesive narrative around Open Hybrid Cloud, Security, AI, and Ecosystem that resonated with customers and partners. Second, IBM demonstrated its commitment to helping companies leverage AI by introducing watsonx. This platform includes foundation models, generative AI, and a governance toolkit. Finally, at its recent Think event, IBM emphasized the impact of ChatGPT and AI on businesses and demonstrated the capabilities of watsonx. The company also highlighted the importance of its partner ecosystem and announced plans to invest in and expand its network to double its revenues. In this article, I will discuss several strategic initiatives that are likely to make a significant impact. In particular, I will delve into the details of the new QRadar suite, the generative AI capabilities of watsonx, and IBM’s efforts to empower partner success.

The rise in remote work and global interconnectivity of devices has brought significant changes and challenges to cybersecurity. Organizations are dealing with complex IT systems that require better visibility, threat detection, and incident response capabilities. Adopting cloud technology, especially hybrid cloud environments, has further complicated the situation. Security teams need help to secure public-facing applications running in the cloud and ensure all applications are up to date.

There is a growing demand for gathering more security data to enhance visibility. However, data collection can be costly and complicated, particularly when transferring it between different cloud platforms. In addition, organizations deploy multiple security tools to protect their new cloud infrastructure, adding to the challenges faced by security professionals.

Organizations are setting up enhanced Security Operations Centers (SOCs) to address these challenges. However, SOC professionals often face overwhelming workloads and require user-friendly tools that can be integrated with different security products. In addition, manual investigation of threats slows down their response time. To address these challenges, IBM has introduced a range of security solutions, including the IBM QRadar Suite.

QRadar Suite: Overview

The QRadar Suite is a subscription-based (SaaS) offering that combines AI-enhanced versions of IBM's existing threat detection and response solutions into a comprehensive global product. It represents a significant advancement and expansion of the QRadar brand, encompassing all critical technologies related to threat detection, investigation, and response. The original QRadar technology was integrated into IBM's portfolio after the acquisition of Q1 Labs in 2011. The new QRadar Suite goes beyond traditional security information and event management (SIEM) capabilities, aiming to provide a unified experience for security management. Its goal is to assist organizations in managing extended detection and response (EDR/XDR) capabilities, SIEM functionalities, and Security Orchestration Automation and Response (SOAR) in cybersecurity.

In addition, IBM has enhanced the suite's capabilities via strategic acquisitions. For example, the inclusion of SOAR capabilities results from the purchase of Resilient in 2016, while the EDR capabilities are attributed to the addition of ReaQta in 2021. Additionally, the QRadar Suite includes a new product, QRadar Log Insights, a cloud-based tool for security log management and federated search and investigation.

Standout Elements: Unified Interface, Automated Investigation, and Flexible Purchase

The QRadar Suite stands out due to three key features: a unified interface, automated investigation capabilities, and flexible purchase options.

Firstly, the suite has been developed in collaboration with security analysts, resulting in a unified and modernized interface that centralizes capabilities and workflows across IBM QRadar and 3rd party solutions. The Unified Analyst Experience (UAX) centralizes insights across both IBM and 3rd Party security tools, not just IBM products. It does this through its “Federated Search” capability. This consistent interface assists analysts throughout their investigation, response, and threat-hunting workflows across EDR/XDR, SIEM, SOAR, and Security Log Management (SLM). In addition, it empowers them to navigate the attack chain swiftly and efficiently, enhancing their response effectiveness.

Secondly, the suite includes Threat Investigator, an AI-powered automated investigation feature that helps manage and prioritize threat alerts by providing comprehensive details about threats and recommending automated response actions for quick mitigation. By automating the data mining processes across various security systems, Threat Investigator reduces the manual effort required for alert investigation, enabling faster response times. The suite also combines essential threat detection, research, and response technologies. Built on an open hybrid cloud platform (OpenShift), it enables extensive interoperability with over 900 pre-built integrations and has a comprehensive partner ecosystem. Leveraging MITRE and SIGMA natively, the suite allows security teams to adapt and keep pace with attackers seamlessly.

Thirdly, it offers flexible purchase options. Customers can obtain individual components separately or as a comprehensive suite. While most components are delivered as a service through AWS, the SIEM component is initially present on the IBM Cloud. It becomes available on AWS at the end of June, allowing for streamlined deployment, enhanced visibility, and seamless integration across cloud environments and data sources. In addition, the modular design of the suite enables customers to start using it with their desired products and easily add additional components as needed.

It is the best of places; it is the worst of places. The famous opening line echoed from the Dickens masterpiece “A Tale of Two Cities” describes a period in which opposites – wisdom and foolishness, light and darkness, hope and despair – exist side by side. The events and depths of emotion described in the novel are much more extreme than the scenarios cloud and overall IT adoption presents to businesses. But the notion that there are opposing elements of opportunity and requirement associated with the cloud would ring true to SMB and midmarket executives, who need to balance the new business outcomes that they can achieve via cost-effective cloud/IT solutions with the need to safeguard users, data, and applications from malicious intruders. The upside is competitiveness in a fast-moving economy; the downside is destroying customer relationships and corporate reputations at the core of business success. Where is the safe middle ground – the approach that results in optimal business protection and access to the upside associated with cloud/IT solutions?

The market is buzzing with discussions on zero trust (ZT). A Techaisle survey of 2035 SMBs and Midmarket firms shows that 8% of small businesses, 46% of core-midmarket firms, and 69% of upper midmarket firms know of ZT and that 21% of SMBs and 64% of midmarket firms consider its adoption either very important or important. Critical reasons for adopting zero trust include reducing insider threats, breach prevention, compliance, mitigating endpoint threats, and managing hybrid IT and remote work security issues.

However, most firms need to be made aware that ZT is not a product but a framework that requires a focus on the journey and strategy. Regardless, 14% of “in the know” SMBs and 35% of upper midmarket firms have begun planning their investments in ZT technology, initially focusing on identifying their critical digital assets and security vulnerabilities.