IBM X-Force has been in existence since 1996 as a part of Internet Security Systems. ISS was acquired by IBM in 2006, and the X-Force brand is now part of IBM Security. The X-Force Exchange platform was launched in 2015 to open up the wealth of threat intelligence collected over 20 years from IBM X-Force to the public to support collaborative defense.
IBM X-Force Exchange is a collaborative threat intelligence platform that helps security analysts research threat indicators and speed time to action. It offers intelligence on:
- IP and URL reputation
- web applications
Users can then enhance their security insights with machine-generated intelligence and curated human-generated insights from IBM X-Force researchers available via public case file collections on the latest malware campaigns and threats.
"Users can collaborate with peers to validate threats and develop response plans using private groups and shared collections, and strengthen their existing security solutions with threat intelligence delivered through open standards," said Sam Dillingham, Senior Offering Manager, IBM Security.
X-Force Exchange is a cloud-based platform, and does not deploy via agents.
Markets and Use Cases
X-Force Exchange hosts six of the world's top 10 retailers, and five of the world's top 10 banks. With integrated workflow support through private groups and Collections, X-Force Exchange appeals to organizations that need to support a streamlined security investigation process.
One retailer, said Dillingham, replaced multiple threat intelligence feeds with X-Force Exchange and reduced its investigation time by eliminating the need for multiple information formats to assemble case files for incident investigations. This retailer is using shared collections to gather threat intelligence, letting the security team focus on applying the intelligence rather than on the mechanics of gathering it.
As a cloud-based platform, X-Force Exchange scales to support any size organization. Users are allowed unlimited queries per month via the platform itself, and up to 5,000 records per month via the no-cost API. Additional third-party threat intelligence feeds can be brought into X-Force Exchange using the Threat Feed Manager once a user provides their credentials or API key for those feeds via the platform.
IBM X-Force Exchange is ISO 27001 and IBM Privacy Shield certified. As a threat intelligence platform, X-Force Exchange provides security content to other qualified systems.
Users can enhance their security insights with machine-generated intelligence. Threat intelligence from X-Force Exchange is also used by IBM QRadar Advisor with Watson so security analysts can leverage machine learning on the QRadar SIEM platform. All threat intelligence produced is cross-correlated against relevant sources used by X-Force Exchange, and this analysis is automated into reports that provide real-time visibility into risk score, activity history, geography, associated indicators, categorization and other pertinent threat intelligence.
X-Force Exchange is a cloud-based solution, accessible via a web browser or through an API that interfaces directly with existing security solutions.
IBM X-Force Exchange is free to use via the web interface at xforce.ibmcloud.com. The API is available at no additional cost for up to 5,000 records per month; for users that need additional data, the X-Force Exchange Commercial API is available for $2,000 per user per 10,000 records per month.