November 24, 2014 By Pamela Cobb 2 min read

As security threats to network environments have evolved, so has the IBM X-Force Research and Development group. When the group was founded in the late 1990s, its vision was to develop protection strategies and educate customers. Thanks to that strategic thinking, those two goals are still applicable today.

If you’re unfamiliar with the team, I encourage you to take a few minutes to watch this overview video featuring Chris Poulin, one of our research strategists:

http://www.youtube.com/watch?v=Bv97rRnHy1M

In addition to having a wonderfully expressive eyebrow, Poulin is also an accomplished speaker and author on a wide array of security topics. If you want to hear more from him but can’t catch him in person at one of our cybersecurity roadshows or client events, you can watch his in-depth interview with SiliconANGLE or read any of his blogs on SecurityIntelligence.com.

The Foundation of IBM Protection Strategies

Poulin is just one example of the experts on the team. Earlier this month, Robert Freeman, another of those brilliant minds, disclosed a vulnerability in Microsoft Internet Explorer (IE) that has been around for 19 years. It allows an attacker to gain full control of the browser in any version, starting with IE 3.0. The vulnerability has been given any number of nicknames, from “Unicorn” to “Godmode,” and it is just one of the over 86,000 vulnerabilities cataloged in the X-Force database, one of the oldest commercially available vulnerability databases.

Thanks to the work of our team of researchers going back to the 1990s, X-Force has been able to build behavior-based protection strategies that can stop advanced threats. Perhaps you remember a little vulnerability named Shellshock? Thanks to those strategies, IBM Security Network Protection customers were protected against Shellshock exploits way back in 2007: the researchers had the foresight to create algorithms that block potentially malicious behavior, such as shellcode injections, rather than relying on signatures for individual vulnerabilities.

With IBM’s acquisitions in the security area, X-Force has expanded its research efforts into new areas. In Trusteer, it added a team of malware experts such as Dana Tamir, who uncovered new uses for “classic” banking malware in the case of Citadel being modified to attack petrochemical companies. I’d also be remiss if I didn’t include the efforts of our mobile application security researchers, such as Roee Hay, who keep us all informed of emerging threats to mobile platforms.

There is no way I could list all the security experts that contribute to the efforts to develop protection strategies for IBM customers, so rather than publishing a yearbook-like list of names, let’s talk about how these experts work together to educate the public.

X-Force Security Education for the Masses

Outside of the insights posted on SecurityIntelligence.com, X-Force publishes its X-Force Threat Intelligence Quarterly, authors white papers, produces webinars and posts videos to educate not only IBM clients, but also the public at large on emerging trends in the security industry. All these assets are now conveniently located in its Research Finder.

The IBM Managed Security Services group, which monitors real-world threats to IBM clients, also publishes independent research papers on zero-day attacks such as Shellshock and industry-specific views on sectors such as finance and health care.

X-Force also presents at industry and IBM events such as InterConnect 2015 in addition to its cybersecurity roadshows. If you’re able, I highly encourage you to take advantage of the many exciting research education events, either virtually or in person, that X-Force has planned for 2015.
