IBM Randori Activation: Know Your Attack Surface experience

Category; Creative Use of Data; Entrant: IBM;

IBM interface showing a spherical visualisation

Enterprise-level security requires insight from two perspectives – IT professionals and the hackers trying to exploit a company’s vulnerabilities. But this essential part of any organisation’s infrastructure can be difficult to discuss without provoking paranoia or fear.

IBM Randori is software as a service (SaaS) from IBM Security that enables clients to view their organisation’s IT nfrastructure as an attack surface. Randori can identify, monitor and take action on these vulnerabilities before an attacker can compromise the security of a company and its customers’ data.

“We immediately became curious about what an attack surface actually looks like, so we ingested anonymous, high-level IT infrastructure data from small, medium and large companies. As we experimented with the information structurally, we discovered that the data is easily expressed as spherical objects.

IBM interface showing a spherical visualisation

“We began to understand and express these data formations as galaxies composed of hubs and endpoints in an IT infrastructure. To take advantage of the data’s explorability, and make the experience fully immersive, we designed the system around a hands-free, gesture-based controller, enabling a user to navigate the data in three-dimensional space using only their hands.”

The experience is segmented into five chapters, sequentially taking clients through a journey that educates, expounds and then inspires action. After a user explores the IT data set, they’re shown the same set from the perspective of a hacker. The data points literally transpose, exposing a surface that highlights vulnerabilities and their criticality. This transition is a metaphoric interpretation of how the product functions. It provides the opportunity for an IBM Security expert to engage users with various expertise levels in a conversation about enterprise security.

Concept, Design and Production: IBM,
Development and Experience:
Production, Fabrication, Installation and Logistics: George P Johnson