There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates.

But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed and, frankly, pretty helpful. We had hoped that when IBM X-Force Exchange debuted two years ago, it would become a hub of threat intelligence collaboration, allowing security analysts to streamline investigation workflows, and work together to better protect their networks and organizations.

It takes a village

We’ve grown the user base of X-Force Exchange to over 32,000 registered users, and the number of visitors to the site is almost 15 times that. Our registered users include not only users outside of IBM, but also IBM Security researchers, analysts and practitioners who use the platform daily to help build better protection for IBM Security products, monitor our Managed Security Services (MSS) clients, and help customers as part of the IBM X-Force Incident Response and Intelligence Services (IRIS) engagements.

Registered users are not the only ones taking advantage of the platform features. In 2016, we made our public collections truly public by ceasing to require users to log in to view them. This made our IBM X-Force research findings and collections, including those created for various malware campaigns such as Shamoon and Andromeda, accessible to anyone with the click of a mouse. This openness extends to all our reports as well, with threat intelligence on vulnerabilities, URL and IP reputation, and web application risk assessments available to be publicly searched. That volume has grown to nearly 2 million executed searches since the platform was released.

The X-Force Exchange is all grown up

IBM continues to beef up higher levels of threat intelligence with insights from our X-Force research team. To date, those collections number over 200 and range from deep insights on malware campaigns to massive collections of spam and phishing indicators to help organizations stop incidents before they become serious issues. You can identify a formal X-Force Advisory by the presence of the X-Force shield on the collection card, and an X-Force researcher by the presence of a blue bar next to an avatar.

We’ll continue to provide research that sheds light on the business impact and risk assessment for security teams, and tie it back nicely to a collection on X-Force Exchange for the technical indicators and threat intelligence reports. With these insights, it’s easy to take preemptive actions, such as blocking access to a URL or quarantining a troublesome file.

Giving back to the village

The X-Force Exchange team constantly innovates to help improve the jobs of security analysts. The team has added updates from the X-Force Threat Analysis Service, a daily subscription email from our MSS team that includes current indicators on active attacks on our monitored client environments. To see these in X-Force Exchange, go to Public Collections and filter on “xftas”.

We introduced the ability to bring additional threat intelligence feeds into X-Force Exchange in December, and the roster of partners keeps growing. It’s become even easier to pay attention to critical areas with watchlists and quick collections. Collaboration is made even smoother due to the ability to create collections with as many or as few peers as you want using private groups.

To stay up to date on these and other new features added to X-Force Exchange, follow the X-Force Features tag here on Security Intelligence. If you haven’t yet visited X-Force Exchange, try it now! I promise, there are no small toys with sharp corners to step on.
