Social Security: Making the Most of Collaborative Defense With Threat Intelligence
In the 1930s, the United States created the Social Security Administration to help fund a pension system for senior citizens with the aid of IBM’s punched card equipment and accounting and payroll data expertise. No one could have anticipated that the Social Security number created for each U.S. citizen would one day become a prime target for cybercriminals.
Some 80 years later, in 2015, IBM Security brought about a new wave of social security, enabling collaborative defense to boost threat intelligence sharing with IBM X-Force Exchange. Recently, X-Force Exchange has introduced a number of capabilities that will further enhance users’ ability to be social and still gain better security.
The open standards STIX and TAXII are now implemented for observables and collections in X-Force Exchange. Public collections are now even more public and can be accessed without connecting to everybody on the Internet. There is a wealth of public collections on malware and other attack vectors created by our IBM X-Force researchers, indicated by a blue bar on the contributor avatar.
These and other public collections can be easily imported into a security intelligence platform. Creating a rule that produces an alert when indicators present in the collection are found in the monitored infrastructure reduces the time to action. Conveniently, such new rule sets are now available from the IBM Security App Exchange, which is hosted on X-Force Exchange.
Circles of Trust
The key to any collaboration is the element of trust. Without the ability to trust other participants in any collaborative defense arrangement, users will doubt the reliability of the information being provided.
As mentioned above, IBM X-Force researchers are now marked in the X-Force Exchange to call attention to trusted contributions. Analysis of current threats, malware and attack vectors is now available as information is updated by our researchers, who span not only the globe but also a wide range of skills and experience.
To form your own circle of trust, you can create a private group to share sensitive information with only those other users you choose. These users could be within your own company, an industry consortium or even a selection of colleagues spanning your entire career. Within a group, you can share a private collection to collaborate on the investigations and the associated threat indicators relevant to your network or industry.
As an investigation grows, the information in the collection that supports that investigation will naturally expand as more threat indicators are discovered and additional analysis of the threat is completed. With threat information being so dynamic, it is important for security analysts and other consumers to be updated as new information is discovered.
To that end, X-Force Exchange can now notify you as a collection is edited, whether it’s specific observables added to the collection, a new file attached, a new collection linked or changes made to the text description. With each of these, a notification email as well as a visual indication in the notification center alerts users, encouraging them to examine the collection to obtain the most up-to-date information.
A New Era of Collaborative Defense
Just as the original Social Security program will continue to evolve, so must the social and collaborative aspects of the modern security community. To take your part in the collaborative defense of the future, visit X-Force Exchange today.