June 19, 2017 By Daniel Donhefner 3 min read

This week, we are celebrating here in Poland and, in truth, across our wider European and global security team. We are proud and pleased to announce the official opening of our newly refurbished and greatly expanded X-Force Command Center in Wroclaw, Poland, the latest addition to IBM’s global X-Force footprint.

Since 2012, IBM has operated a highly successful and capable security operations center (SOC) in Wroclaw. This has been rehoused in a facility with three times more space than the original. It allows us to expand our team of 160 people here, which is set to grow by 20 to 25 percent, and also gives us the space to host clients and partners who wish to see how our teams keep their businesses safe.

IBM Expands Its X-Force Command Center

This advancement from an IBM SOC to one of the X-Force Command Centers is an exciting one. It will enable us to collaborate at a deeper and more intricate level with the IBM X-Force best-of-breed global infrastructure and world-renowned research team. It also introduces new levels of cognitive security tools and services. The center, by default, operates as part of the global Managed Security Services (MSS) infrastructure, which delivers to clients who prefer a fully Europe-based service.

The staff in the Wroclaw X-Force Command Center comprises our existing security analyst team, in addition to several newly hired experts. We have forged many great collaborations in Poland with various academic institutions, training technical and nontechnical staff in cybersecurity business and skills to ensure a top-quality local supply of skilled workers.

A European Focus

Our investment in the new Wroclaw Center is designed to provide a global MSS capability to our customers based in the European Union (EU). With various data protection rules and client needs, it is important to provide as much flexibility as our clients require. Our regular services will be delivered through a link from our global network, where expertise is shared and analysts from our centers work with clients. The network is staffed by more than 1,400 security professionals who provide around-the-clock service to clients.

We also have two data centers based in the EU to ensure that data never leaves the jurisdiction and the work is carried out by only European teams. The data is managed with no interruption to service, so our teams are fluid, moving and learning from one project to another over our global network while retaining compliance with regulations and clients’ wishes.

The center will also act as the hub in the company’s global network for General Data Protection Regulation (GDPR) expertise and specialized services, helping organizations respond to data breaches and security incidents in a compliant manner.

Our first clients are currently using the European-dedicated service and we look forward to providing this option to more. Clients that moved from global to European delivery have experienced no difference in terms of customer experience. For other clients who do not need the full service, we share data with the global network in accordance with Privacy Shield rules. Clients can also include EU Model Clauses for data privacy when using the global service.

Cognitive Capabilities

One of the most exciting new functionalities offered from Wroclaw is the IBM Cognitive capability, based on tools such as QRadar Advisor with Watson, which transforms the center into what we call a Cognitive MSS Center. This allows us to quickly analyze billions of data points and make intelligent decisions about threats as they appear.

The center is also piloting the new Havyn interface for cognitive security services. This voice-powered interface uses Watson’s speech recognition and natural language processing to construct queries for QRadar Advisor, then acts as an assistant to the analyst when monitoring a situation or looking for incident-related data.

Havyn also facilitates the interaction between the IBM X-Force Command Center and the client team, again through voice-powered interfaces, which provides immediate and proactive access to relevant data. This allows IBM clients to easily monitor their security posture and risk level.

The Best MSS in the Business

Today, we are also celebrating IBM’s recent recognition as the best MSS provider in the business at the SC Media awards, held at Infosecurity Europe in London this past June.

With these modernized and improved powers, as well as the world-class skills of our staff and the connections to the X-Force network, this evolution is a momentous step for the IBM team in Wroclaw. I look forward to its performance being a source of pride not just locally, but for the whole IBM client and staff community in Europe and beyond.

Discover How IBM X-Force Command Centers Are Changing Security

More from

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today