IBM Launches Open Threat Intelligence Platform

Written by

IBM is making a move to open up more than two decades worth of cyber-threat intelligence via a new data-sharing exchange that is modeled off of social networking.

The IBM X-Force Exchange offers open access to IBM’s vault of threat intelligence. The move, the company said, is a response to a global shift in organized crime. Similar to the early 20th century mob rings, modern day cybercriminals are rapidly banding together in efficient and complex networks to launch more sophisticated, higher-ROI attacks (like last month’s highly successful Dyre Wolf campaign, launched out of an Eastern European crime ring).

The most common indicators include IP addresses, domain names, URLs, registry settings, email addresses, HTTP user agents, file hashes and file names, IBM noted. There is depth of information associated with each of these, such as the historical context, as well as the pivoting between them to allow for the real understanding of how they relate to each other in order to gain insights on tactics and techniques.

“You can think of the X-Force Exchange as a Pinterest for security analysts, allowing them to build collections of data and engage with others,” a spokesperson noted. “Currently, security analysts often use Word documents or spreadsheets to do this type of work. IBM is bringing them a digital platform for better organizing intelligence.”

For example, providing additional context on an indicator that has been brought to a user’s attention, whether from a security tool or another user, helps the user make a decision on how to further use that information. Extending this to action naturally leads to programmatic access and application programming interface integration, which helps organizations make better and quicker decisions.

 “The sharing of threat intelligence should ultimately lead to tactical actions that help organizations further protect their users and infrastructure,” said Doron Shiloach, in a blog. “To reiterate, because the stakes are much higher with security information, it is important to have a seamlessly flowing process.”

What’s hot on Infosecurity Magazine?