IBM unveils cyber threat intelligence sharing platform

IBM is making its vast library of security intelligence data available via the IBM X-Force Exchange, a new cyber threat intelligence sharing platform powered by IBM Cloud. This collaborative platform provides access to volumes of actionable IBM and third-party threat data from across the globe, including real-time indicators of live attacks, which can be used to defend against cybercrime.

The X-Force Exchange builds on IBM’s tremendous scale in security intelligence, integrating its portfolio of deep threat research data and technologies like QRadar, thousands of global clients, and acumen of a worldwide network of security analysts and experts from IBM Managed Security Services.

Leveraging the open and powerful infrastructure of the cloud, users can collaborate and tap into multiple data sources, including:

• One of the largest and most complete catalogs of vulnerabilities in the world
• Threat information based on monitoring of more than 15 billion monitored security events per day
• Malware threat intelligence from a network of 270 million endpoints
• Threat information based on over 25 billion web pages and images
• Deep intelligence on more than 8 million spam and phishing attacks
• Reputation data on nearly 1 million malicious IP addresses.

Today, the X-Force Exchange features over 700 terabytes of raw aggregated data supplied by IBM. This will continue to grow, be updated and shared as the platform can add up to a thousand malicious indicators every hour. This data includes real-time information which is critical to the battle against cybercrime.

“The IBM X-Force Exchange platform will foster collaboration on a scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cybercriminals,” said Brendan Hannigan, General Manager, IBM Security. “We’re taking the lead by opening up our own deep and global network of cyberthreat research, customers, technologies and experts. By inviting the industry to join our efforts and share their own intelligence, we’re aiming to accelerate the formation of the networks and relationships we need to fight hackers.”

By freely consuming, sharing and acting on real-time threat intelligence from their networks and IBM’s own repository of known threat intelligence, users can identify and help stop threats via:

• A collaborative, social interface to easily interact with and validate information from industry peers, analysts and researchers
• Volumes of intelligence from multiple third parties, the depth and breadth of which will continue to grow as the platform’s user base grows
• A collections tool to easily organize and annotate findings, bringing priority information to the forefront
• Open, web-based access built for security analysts and researchers
• A library of APIs to facilitate programmatic queries between the platform, machines and applications; allowing businesses to operationalize threat intelligence and take action.

Within the platform, IBM will provide future support for STIX and TAXII, the emerging standard for automated threat intelligence sharing, for easy extraction and sharing of information to and from the exchange, as well as seamless integration into existing security systems.