IBM on Thursday launched a new threat intelligence sharing platform that allows enterprise security teams and researchers to collaborate on security incidents and sift through troves of cyber threat intelligence data.
According to the tech giant, the cloud-based IBM X-Force Exchange provides access to IBM and third-party threat data sourced from around the world, including real-time indicators of live attacks.
IBM boasts over 700 terabytes of raw aggregated data supplied by the platform, which will continue to be updated. The data also includes real-time information, IBM said.
The X-Force Exchange integrates IBM’s portfolio of threat research data and technologies including its QRadar Security Intelligence Platform, thousands of clients, and security analysts from IBM Managed Security Services.
According to Big Blue, X-Force Exchange users can collaborate and tap into multiple data sources, including:
· One of the largest catalogs of vulnerabilities in the world
· Threat information based on monitoring of more than 15 billion monitored security events per day
· Malware threat intelligence from a network of 270 million endpoints
· Threat information based on over 25 billion web pages and images
· Deep intelligence on more than 8 million spam and phishing attacks
· Reputation data on nearly 1 million malicious IP addresses
“The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,” said Brendan Hannigan, General Manager, IBM Security. “We’re taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we’re aiming to accelerate the formation of the networks and relationships we need to fight hackers.”
The platform also includes tools to help organize and annotate findings, and a library of APIs to facilitate programmatic queries between the platform, machines and applications; allowing businesses to operationalize threat intelligence and take action.
IBM said the platform would provide future support for STIX and TAXII, emerging standard for automated threat intelligence sharing and integration with security solutions.
Use Case
IBM provided a use case of a security researcher that may have discovered a malicious domain, and noted it as malicious within the platform. From there, a security analyst at another company could find this domain from his or her network on the exchange and consult with other analysts and experts to validate its danger, IBM explained. Taking action, the analyst could then apply blocking rules to his or her own company’s network to stop malicious traffic.