10 Ways to Fight Advanced Malware With Threat Intelligence Sharing

Last month, we celebrated the two-year anniversary of the IBM X-Force Exchange (XFE). During that week, the threat intelligence sharing platform reached a record spike in traffic as users flocked to the site to stay up to date on the recently exposed WannaCry ransomware.

10 Threat Intelligence Sharing Tips to Fight Cybercrime

As the X-Force team populated the WCry2 Ransomware Outbreak collection, it quickly became the highest-rated and most-followed collection in XFE history. With the wind behind our sails, it seems like the perfect time to share some of the platform’s top tips and tricks that even our 35,000 registered users might not know about.

1. Identify Unknown Malware in Seconds

On May 16, we announced IBM X-Force Malware Analysis on Cloud, our software-as-a-service (SaaS) capability to detect and research malware quickly and effectively. Delivered via the XFE platform, IBM X-Force Malware Analysis makes identifying suspicious files as easy as uploading and reviewing. You can sign up for a free trial here.

Join the July 20 webinar: Malware Analysis in Minutes

2. Generate Collections Through Email

With curated threat intelligence, collections help streamline security investigations with information on campaigns, actors, and tactics, techniques and procedures (TTPs), and provide actionable recommendations from the X-Force research community. While you can manually build a collection in the platform, you can save time by using email. To auto-build your collection, navigate to Settings > Inbox, obtain your X-Force email address, and send an email to it.

3. Share Threat Intelligence With Your Social Networks

In light of the WannaCry ransomware attack, which reached thousands of companies across more than 100 countries, sharing threat intelligence outside your enterprise quickly is just as important as collaborating in your own security operations center (SOC). X-Force Exchange allows security teams to share pertinent threat intelligence on Twitter, Facebook and LinkedIn with just a click of the mouse. Look for the icons in all public collections.

4. Seamlessly Set Up the API

The IBM X-Force Exchange API delivers programmatic access to nearly 800 TB of threat intelligence data across IPs, URLs, vulnerabilities, malware and more. With the API, users can access XFE data from collections, obtain up-to-date information on indicators and integrate with other products to perform real-time actions. As a registered user, go to Settings > API Access to generate your API key, and test its functionality within the interactive Swagger API documentation.

5. Get Even More Access to Threat Intelligence

If nearly a petabyte of threat data isn’t enough, X-Force Exchange has enabled integrations with third-party feeds to expand threat intelligence through its Threat Feed Manager. With more curated knowledge, you can make better decisions even faster when it comes to your security investigation. Go to Settings > Integrations to expand your threat intelligence.

6. Build a Customized Watchlist

Keep up with relevant vulnerabilities on selected platforms with our Watchlist feature. Go to Settings > Watchlist to choose your specific enterprise technologies and receive alerts as soon as vulnerabilities are released, complete with pertinent information such as Common Vulnerability Scoring System (CVSS) scores, impacted product lists, references and IBM QRadar Network Security coverage as it becomes available.

7. Get Notified on What’s Important

IBM X-Force Exchange enables notifications beyond just vulnerabilities. For a full menu of alerts on threat intelligence included in Advisories, Collections, Groups and Reports, go to Settings > Notifications. Select and deselect as you see fit to help augment your research workflow and sift through the noise.

8. Prioritize Your Intelligence With a Custom Layout

Want the botnet distribution card front and center? Don’t really care about groups? On the new dashboard, customize your layout with the gear icon. Promote, demote and drop cards as you wish depending on what helps you better research and investigate threats.

9. Help Relevant Collections Rise to the Top

Within each collection, there is a voting feature that allows you to like or dislike a specific collection. Bring awareness to the community with your opinion on the collected threat intelligence, and see the latest and greatest intelligence by going to the Public Collections menu and filtering by date and rating.

10. Validate the Source

XFE has global researchers dedicated to finding, curating and sharing actionable threat intelligence across more than 38 billion web pages, 860,000 IPs and 113,000 vulnerabilities. If you are curious about the source of any given collection, check the version history. IBM X-Force researchers have a blue shield next to their profile image.

Learn More

To explore more ways in which threat intelligence sharing can help your organization fight advanced attacks such as WannaCry, register for the free IBM X-Force Exchange.

Register for the July 20 webinar: Malware Analysis in Minutes

Share this Article:
Christian Falco

Strategy Associate, IBM

Christian Falco is a strategist with IBM Security, helping to build and articulate the business unit's strategy centered around CISO objectives, key innovation and a leading portfolio of products and services. He has over 5 years experience in strategy roles across IBM.