There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates.
But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed and, frankly, pretty helpful. We had hoped that when IBM X-Force Exchange debuted two years ago, it would become a hub of threat intelligence collaboration, allowing security analysts to streamline investigation workflows, and work together to better protect their networks and organizations.
It Takes a Village
We’ve grown the user base of X-Force Exchange to over 32,000 registered users, and the number of visitors to the site is almost 15 times that. Our registered users includes not only users outside of IBM, but also IBM Security researchers, analysts and practitioners who use the platform daily to help build better protection for IBM Security products, monitor our Managed Security Services (MSS) clients, and help customers as part of the IBM X-Force Incident Response and Intelligence Services (IRIS) engagements.
Registered users are not the only ones taking advantage of the platform features. In 2016, we made our public collections truly public by ceasing to require users to log in to view them. This helped our IBM X-Force research findings and collections, including those created for various malware campaigns such as Shamoon and Andromeda, to be accessible by anyone with the click of a mouse. This openness translates to all our reports as well, with threat intelligence on vulnerabilities, URL and IP reputation, and web application risks assessments available to be publicly searched. That volume has grown to nearly 2 million executed searches since the platform was released.
The X-Force Exchange Is All Grown Up
IBM continues to beef up higher levels of threat intelligence with insights from our X-Force research team. To date, those collections number over 200 and range from deep insights on malware campaigns to massive collections of spam and phishing indicators to help organizations stop incidents before they become serious issues. You can identify a formal X-Force Advisory by the presence of the X-Force shield on the collection card, and an X-Force researcher by the presence of a blue bar next to an avatar.
We’ll continue to provide research that sheds light on the business impact and risk assessment for security teams, and tie it back nicely to a collection on X-Force Exchange for the technical indicators and threat intelligence reports. With these insights, it’s easy to take preemptive actions, such as blocking access to a URL or quarantining a troublesome file.
Giving Back to the Village
The X-Force Exchange team constantly innovates to help improve the jobs of security analysts. The team has added updates from the X-Force Threat Analysis Service, a daily subscription email from our MSS team that includes current indicators on active attacks on our monitored client environments. To see these in X-Force Exchange, go to Public Collections and filter on “xftas”.
We introduced the ability to bring additional threat intelligence feeds into X-Force Exchange in December, and the roster of partners keeps growing. It’s become even easier to pay attention to critical areas with watchlists and quick collections. Collaboration is made even smoother due to the ability to create collections with as many or as few peers as you want using private groups.
To stay up to date on these and other new features added to X-Force Exchange, follow the X-Force Features tag here on Security Intelligence. If you haven’t yet visited X-Force Exchange, try it now! I promise, there are no small toys with sharp corners to step on.