by Joshua Whitney Allen

Using the cloud, IBM offers intelligence to combat cybercrime

Published April 27, 2015


IBM announced this month it is making its catalog of security intelligence data available via the IBM X-Force Exchange, a new cyber threat intelligence sharing platform powered by IBM Cloud.

With intelligence a key component in the mission against a range of evolving and sudden threats, this collaborative platform provides access to volumes of actionable IBM and third-party threat data from across the globe, including real-time indicators of live attacks, which can be used to defend against cybercrimes.

Cybersecurity is an endless race against the innovation of the perpetrators.

“We are in a world here where the level of cybercrime is unprecedented,” says Caleb Barlow, Vice President, IBM Security. “We are also seeing that the level of investment that is occurring here on the side of the attacker is like nothing we’ve ever seen before. By monitoring these attacks we see that these are well-organized, well-funded entities that are going to work just like you and I do … The level of what we are up against is growing significantly, but all that ultimately means is we have to make sure we stay in front of it.”

The sometimes frantic demand for information protection has created a market opportunity unlike any other in terms of growth and urgency. The complexity of threats is expected to grow, feeding demand and growing profits. Analysis firm visiongain sets the 2015 cybersecurity market value at over $75 billion; research firm Markets and Markets predicts the worth of the global cybersecurity market to exceed $155 billion by 2019.

According to the United States Department of Homeland Security, cyberspace poses a dynamic security challenge for everyone engaged in technology, from the individual user to entire societies. DHS defines this broad challenge as “the ability of malicious actors to operate from anywhere in the world, the linkages between cyberspace and physical systems, and the difficulty of reducing vulnerabilities and consequences in complex cyber networks. Of growing concern is the cyber threat to critical infrastructure, which is increasingly subject to sophisticated cyber intrusions that pose new risks.”

The challenge has forced companies to become competent in modern crime prevention, where knowledge is as important as adaptability. The IBM X-Force Exchange draws on IBM's portfolio of deep threat research data and technologies like IBM QRadar, thousands of global clients, and the acumen of a worldwide network of security analysts and experts from IBM Managed Security Services. At present, the X-Force Exchange features over 700 terabytes of raw aggregated data supplied by IBM.

According to a release, users can collaborate and tap into multiple data sources, including:

  • One of the largest and most complete catalogs of vulnerabilities in the world
  • Threat information based on monitoring of more than 15 billion security events per day
  • Malware threat intelligence from a network of 270 million endpoints
  • Threat information based on over 25 billion web pages and images
  • Deep intelligence on more than 8 million spam and phishing attacks
  • Reputation data on nearly 1 million malicious IP addresses

“The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,” says Brendan Hannigan, General Manager, IBM Security. “We’re taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we’re aiming to accelerate the formation of the networks and relationships we need to fight hackers.”

Context is everything
The model offers interaction with subject matter experts, the shared knowledge and perspective strengthening analysis. Built by IBM Security, the IBM X-Force Exchange is a new, cloud-based platform that allows organizations to easily collaborate on security incidents, as well as benefit from the ongoing contributions of IBM experts and community members. Since the beta launch of the X-Force Exchange, numerous early adopters have joined the community.

By freely consuming, sharing, and acting on real-time threat intelligence from their networks, users engage in a cyber force multiplier, so to speak, that protects more than just the afflicted company. IBM offers this example:

A security researcher might discover a new malware domain, noting it as malicious within the platform. From there, a security analyst at another company could find this domain from his or her network on the exchange and consult with other analysts and experts to validate its danger. The analyst would then apply blocking rules to his or her own company's digital presence, stopping malicious traffic, and—via the platform—would rapidly alert the organization’s Chief Information Security Officer (CISO) about the threat. The CISO would then add this malicious traffic source to a public collection on the platform, sharing with industry peers to quickly contain and stop the threat before it can infect other companies.

The model includes a collaborative, social interface to interact with and validate information from industry peers, analysts, and researchers. Users access intelligence from multiple third parties, the depth and breadth of which will continue to grow as the platform's user base grows. Programmers will appreciate the library of APIs to facilitate programmatic queries between the platform, machines, and applications, allowing businesses to operationalize threat intelligence and take action.

Within the platform, IBM will provide future support for STIX and TAXII, the emerging standards for automated threat intelligence sharing, for easy extraction and sharing of information to and from the exchange, as well as seamless integration into existing security systems.


