IBM X-Force Still Ahead of the Threat 86,000 Vulnerabilities Later

November 24, 2014

As security threats to network environments have evolved, so has the IBM X-Force Research and Development group. When the group was founded in the late 1990s, its vision was to develop protection strategies and educate customers. The benefit of that strategic thinking is that those two goals are still applicable today.

If you’re unfamiliar with the team, I encourage you to take a few minutes to watch this overview video featuring Chris Poulin, one of our research strategists:

In addition to having a wonderfully expressive eyebrow, Poulin is also an accomplished speaker and author on a wide array of security topics. If you want to hear more from him but can’t catch him in person at one of our cybersecurity roadshows or client events, you can watch his in-depth interview with SiliconANGLE or read any of his blogs on

The Foundation of IBM Protection Strategies

Poulin is just one example of the experts on the team. Earlier this month, Robert Freeman, another of those brilliant minds, disclosed a vulnerability in Microsoft Internet Explorer (IE) that has been around for 19 years. This vulnerability allows an attacker to gain full control of the browser in any version, starting with IE 3.0. This vulnerability has been given any number of nicknames, from “Unicorn” to “Godmode,” and it is just one of the over 86,000 vulnerabilities cataloged in the X-Force database, one of the oldest commercially available vulnerability databases.

Thanks to the work of our team of researchers going back to the 1990s, X-Force has been able to build behavior-based protection strategies that can stop advanced threats. Perhaps you remember a little vulnerability named Shellshock? Thanks to those strategies, IBM Security Network Protection customers were protected against Shellshock exploits way back in 2007. The researchers had the foresight to create algorithms to block potentially malicious behavior such as shellcode injections.

With IBM’s acquisitions in the security area, X-Force has expanded its research efforts into new areas. In Trusteer, it added a team of malware experts such as Dana Tamir, who uncovered new uses for “classic” banking malware in the case of Citadel being modified to attack petrochemical companies. I’d also be remiss if I didn’t include the efforts of our mobile application security researchers, such as Roee Hay, who keep us all informed of emerging threats to mobile platforms.

There is no way I could list all the security experts that contribute to the efforts to develop protection strategies for IBM customers, so rather than publishing a yearbook-like list of names, let’s talk about how these experts work together to educate the public.

X-Force Security Education for the Masses

Outside of the insights posted on, X-Force publishes its X-Force Threat Intelligence Quarterly, authors white papers, produces webinars and posts videos to educate not only IBM clients, but also the public at large on emerging trends in the security industry. All these assets are now conveniently located in its Research Finder.

The IBM Managed Security Services group, which monitors real-world threats to IBM clients, also publishes independent research papers on zero-day attacks such as Shellshock and industry-specific views on sectors such as finance and health care.

X-Force also presents at industry and IBM events such as InterConnect 2015 in addition to its cybersecurity roadshows. If you’re able, I highly encourage you to take advantage of the many exciting research education events, either virtually or in person, that X-Force has planned for 2015.

Pamela Cobb
Market Segment Manager, IBM X-Force and Security Intelligence

Pamela Cobb directs product marketing activities for the IBM X-Force and Threat Protection offerings developing messaging, collateral, website content. She c...