The need for trusted threat intelligence is greater than ever, as 80 percent of cyberattacks are driven by highly organized crime rings in which data, tools and expertise are widely shared. Though hackers have mobilized, their targets have not. A majority (65 percent) of in-house cybersecurity teams use multiple sources of trusted and untrusted external intelligence to fight attackers.
The X-Force Exchange builds on IBM’s tremendous scale in security intelligence, integrating its powerful portfolio of deep threat research data and technologies like QRadar, thousands of global clients, and the acumen of a worldwide network of security analysts and experts. Leveraging the open and powerful infrastructure of the cloud, users can collaborate and tap into multiple data sources, including:
Today, the X-Force Exchange features over 700 terabytes of raw aggregated data supplied by IBM. This will continue to grow, be updated and shared as the platform can add up to a thousand malicious indicators every hour. This data includes real-time information which is critical to the battle against cybercrime.
“The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,” said Brendan Hannigan, General Manager, IBM Security. “We’re taking the lead by opening up our own deep and global network of cyber threat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we’re aiming to accelerate the formation of the networks and relationships we need to fight hackers.”
Open, Automated and Social Threat Sharing
Built by IBM Security, the IBM X-Force Exchange is a new, cloud-based platform that allows organizations to easily collaborate on security incidents, as well as benefit from the ongoing contributions of IBM experts and community members. Since the beta launch of the X-Force Exchange, numerous early adopters have joined the community.
By freely consuming, sharing and acting on real-time threat intelligence from their networks and IBM’s own repository of known threat intelligence, users can identify and help stop threats via:
Within the platform, IBM will provide future support for STIX and TAXII, the emerging standards for automated threat intelligence sharing, for easy extraction and sharing of information to and from the exchange, as well as seamless integration into existing security systems.
Putting Cyber Threats in Context
For the first time, organizations can directly interact with IBM’s security analysts and researchers, as well as their industry peers, via the platform to validate findings and expose them to other companies fighting cybercrime.
For example, a security researcher might discover a new malware domain, noting it as malicious within the platform. From there, a security analyst at another company could find this domain from his or her network on the exchange and consult with other analysts and experts to validate its danger. The analyst would then apply blocking rules to his or her own company’s digital presence, stopping malicious traffic, and, via the platform, would rapidly alert the organization’s Chief Information Security Officer (CISO) about the threat. The CISO would then add this malicious traffic source to a public collection on the platform, sharing with industry peers to quickly contain and stop the threat before it can infect other companies.