IBM announced it is making its vast library of security intelligence data available via the IBM X-Force Exchange, a new cyber threat intelligence sharing platform powered by IBM Cloud. This collaborative platform provides access to global volumes of actionable IBM and third-party threat data, including real-time indicators of live attacks, which can be used to defend against cyber crimes.
The need for trusted threat intelligence is greater than ever, as 80 percent of cyber attacks are driven by highly organized crime rings in which data, tools and expertise are widely shared1. Though hackers have mobilized, their targets have not. A majority (65 percent) of in-house cybersecurity teams use multiple sources of trusted and untrusted external intelligence to fight attackers2.
The X-Force Exchange builds on IBM’s tremendous scale in security intelligence, integrating its powerful portfolio of deep threat data research and technologies like QRadar, thousands of global clients, and acumen of a worldwide network of security analysts and experts from IBM Managed Security Services. Leveraging the open and powerful infrastructure of cloud, users can collaborate and tap into multiple data sources, including:
- One of the largest and most complete catalogs of vulnerabilities in the world;
- Threat information based on monitoring of more than 15 billion monitored security events per day;
- Malware threat intelligence from a network of 270 million endpoints;
- Threat information based on over 25 billion web pages and images;
- Deep intelligence on more than 8 million spam and phishing attacks;
- Reputation data on nearly 1 million malicious IP addresses.
Today, the X-Force Exchange features over 700 terabytes of raw aggregated data supplied by IBM. This will continue to grow, be updated and shared as the platform can add up to a thousand malicious indicators every hour. This data includes real-time information which is critical to the battle against cybercrime.
“The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,” said Brendan Hannigan, General Manager, IBM Security. “We’re taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we’re aiming to accelerate the formation of the networks and relationships we need to fight hackers."
Open, Automated and Social Threat Sharing
Built by IBM Security, the IBM X-Force Exchange is a new, cloud-based platform that allows organizations to easily collaborate on security incidents, as well as benefit from the ongoing contributions of IBM experts and community members. Since the beta launch of the X-Force Exchange, numerous early adopters have joined the community.
By freely consuming, sharing and acting on real-time threat intelligence from their networks and IBM’s own repository of known threat intelligence, users can identify and help stop threats via:
- A collaborative, social interface to easily interact with and validate information from industry peers, analysts and researchers;
- Volumes of intelligence from multiple third parties, the depth and breadth of which will continue to grow as the platform’s user base grows;
- A collections tool to easily organize and annotate findings, bringing priority information to the forefront;
- Open, web-based access built for security analysts and researchers;
- A library of APIs to facilitate programmatic queries between the platform, machines and applications; allowing businesses to operationalize threat intelligence and take action.
Within the platform, IBM will provide future support for STIX and TAXII, the emerging standard for automated threat intelligence sharing, for easy extraction and sharing of information to and from the exchange, as well as seamless integration into existing security systems.
Putting Cyber-Threats in Context
For the first time, organizations can directly interact with IBM security analysts and researchers, as well as their industry peers, via the platform to validate findings and expose them to other companies fighting cyber-crime.
For example, a security researcher might discover a new malware domain, noting it as malicious within the platform. From there, a security analyst at another company could find this domain from his or her network on the exchange, consulting with other analysts and experts to validate its danger. The analyst would then apply blocking rules to his or her own company’s digital presence, stopping malicious traffic, and – via the platform – would rapidly alert the organization’s Chief Information Security Officer (CISO) about the threat. The CISO would then add this malicious traffic source to a public collection on the platform, sharing with industry peers to quickly contain and stop the threat before it can infect other companies.