There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates.

But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed and, frankly, pretty helpful. We had hoped that when IBM X-Force Exchange debuted two years ago, it would become a hub of threat intelligence collaboration, allowing security analysts to streamline investigation workflows and work together to better protect their networks and organizations.

It Takes a Village

We’ve grown the user base of X-Force Exchange to over 32,000 registered users, and the number of visitors to the site is almost 15 times that. Our registered users include not only users outside of IBM, but also IBM Security researchers, analysts and practitioners who use the platform daily to help build better protection for IBM Security products, monitor our Managed Security Services (MSS) clients, and help customers as part of the IBM X-Force Incident Response and Intelligence Services (IRIS) engagements.

Registered users are not the only ones taking advantage of the platform features. In 2016, we made our public collections truly public by ceasing to require users to log in to view them. This helped our IBM X-Force research findings and collections, including those created for various malware campaigns such as Shamoon and Andromeda, to be accessible by anyone with the click of a mouse. This openness translates to all our reports as well, with threat intelligence on vulnerabilities, URL and IP reputation, and web application risk assessments available to be publicly searched. That volume has grown to nearly 2 million executed searches since the platform was released.

The X-Force Exchange Is All Grown Up

IBM continues to beef up higher levels of threat intelligence with insights from our X-Force research team. To date, those collections number over 200 and range from deep insights on malware campaigns to massive collections of spam and phishing indicators to help organizations stop incidents before they become serious issues. You can identify a formal X-Force Advisory by the presence of the X-Force shield on the collection card, and an X-Force researcher by the presence of a blue bar next to an avatar.

We’ll continue to provide research that sheds light on the business impact and risk assessment for security teams, and tie it back nicely to a collection on X-Force Exchange for the technical indicators and threat intelligence reports. With these insights, it’s easy to take preemptive actions, such as blocking access to a URL or quarantining a troublesome file.

Giving Back to the Village

The X-Force Exchange team constantly innovates to help improve the jobs of security analysts. The team has added updates from the X-Force Threat Analysis Service, a daily subscription email from our MSS team that includes current indicators on active attacks on our monitored client environments. To see these in X-Force Exchange, go to Public Collections and filter on “xftas”.

We introduced the ability to bring additional threat intelligence feeds into X-Force Exchange in December, and the roster of partners keeps growing. It’s become even easier to pay attention to critical areas with watchlists and quick collections. Collaboration is made even smoother due to the ability to create collections with as many or as few peers as you want using private groups.

To stay up to date on these and other new features added to X-Force Exchange, follow the X-Force Features tag here on Security Intelligence. If you haven’t yet visited X-Force Exchange, try it now! I promise, there are no small toys with sharp corners to step on.
