IBM opens threat intelligence to combat cyber attacks

IBM said on thursday that it is making its vast library of security intelligence data available via a new cyber threat intelligence sharing platform powered by IBM Cloud-based the IBM X-Force Exchange.

This collaborative platform provides access to volumes of actionable IBM and third-party threat data from across the globe, including real-time indicators of live attacks, which can be used to defend against cyber crimes.

The need for trusted threat intelligence is greater than ever, as 80 per cent of cyber attacks are driven by highly organised crime rings in which data, tools and expertise are widely shared.

Though hackers have mobilized, their targets have not. A majority (65 per cent) of in-house cyber security teams use multiple sources of trusted and untrusted external intelligence to fight attackers.

The X-Force Exchange builds on IBM's tremendous scale in security intelligence, integrating its powerful portfolio of deep threat research data and technologies like QRadar, thousands of global clients, and acumen of a worldwide network of security analysts and experts from IBM Managed Security Services. Leveraging the open and powerful infrastructure of the cloud, users can collaborate and tap into multiple data sources, including:  

• One of the largest and most complete catalogs of vulnerabilities in the world;
• Threat information based on monitoring of more than 15 billion monitored security events per day;
• Malware threat intelligence from a network of 270 million endpoints;
• Threat information based on over 25 billion web pages and images;
• Deep intelligence on more than 8 million spam and phishing attacks;
• Reputation data on nearly 1 million malicious IP addresses.

Today, the X-Force Exchange features over 700 terabytes of raw aggregated data supplied by IBM. This will continue to grow, be updated and shared as the platform can add up to a thousand malicious indicators every hour. This data includes real-time information which is critical to the battle against cybercrime.

''The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,'' said Brendan Hannigan, General Manager, IBM Security. ''We're taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we're aiming to accelerate the formation of the networks and relationships we need to fight hackers."

Built by IBM Security, the IBM X-Force Exchange is a new, cloud-based platform that allows organisations to easily collaborate on security incidents, as well as benefit from the ongoing contributions of IBM experts and community members. Since the beta launch of the X-Force Exchange, numerous early adopters have joined the community.

By freely consuming, sharing and acting on real-time threat intelligence from their networks and IBM's own repository of known threat intelligence, users can identify and help stop threats via:

• A collaborative, social interface to easily interact with and validate information from industry peers, analysts and researchers;
• Volumes of intelligence from multiple third parties, the depth and breadth of which will continue to grow as the platform's user base grows;
• A collections tool to easily organize and annotate findings, bringing priority information to the forefront;
• Open, web-based access built for security analysts and researchers;
• A library of APIs to facilitate programmatic queries between the platform, machines and applications; allowing businesses to operationalize threat intelligence and take action.

Within the platform, IBM will provide future support for STIX and TAXII, the emerging standard for automated threat intelligence sharing, for easy extraction and sharing of information to and from the exchange, as well as seamless integration into existing security systems.

Putting cyber threats in context

For the first time, organisations can directly interact with IBM's security analysts and researchers, as well as their industry peers, via the platform to validate findings and expose them to other companies fighting cybercrime.

For example, a security researcher might discover a new malware domain, noting it as malicious within the platform.

From there, a security analyst at another company could find this domain from his or her network on the exchange and consult with other analysts and experts to validate its danger.

The analyst would then apply blocking rules to his or her own company's digital presence, stopping malicious traffic, and – via the platform - would rapidly alert the organization's Chief Information Security Officer (CISO) about the threat.

The CISO would then add this malicious traffic source to a public collection on the platform, sharing with industry peers to quickly contain and stop the threat before it can infect other companies.