February 19, 2016 By Doron Shiloach 2 min read

In the 1930s, the United States created the Social Security Administration to help fund a pension system for senior citizens with the aid of IBM’s punched card equipment and accounting and payroll data expertise. No one could have anticipated that the Social Security number created for each U.S. citizen would one day become a prime target for cybercriminals.

Some 80 years later in 2015, IBM Security brought about a new wave of social security, enabling collaborative defense to boost threat intelligence sharing with IBM X-Force Exchange. Recently, X-Force Exchange has introduced a number of capabilities that will further enhance users’ ability to be social and still gain better security.

Open Standards

The open standards STIX and TAXII are now implemented for observables and collections in X-Force Exchange. Public collections are now even more public and can be accessed without connecting to everybody on the Internet. There are a wealth of public collections on malware and other attack vectors created by our IBM X-Force researchers, indicated by a blue bar on the contributor avatar.

These and other public collections can be easily imported to a security intelligence platform to reduce the time to action by creating a rule to produce an alert when indicators present in the collection are found in the infrastructure being monitored. Conveniently, such new rule sets are now available from the IBM Security App Exchange, which is hosted on X-Force Exchange.

Download the white paper: Combat security attacks with global threat intelligence

Circles of Trust

The key to any collaboration is the element of trust. Without the ability to trust other participants in any collaborative defense arrangement, users will doubt the reliability of the information being provided.

As mentioned above, IBM X-Force researchers are now marked in the X-Force Exchange to call attention to trusted contributions. Analysis of current threats, malware and attack vectors are now available as information is updated by our researchers, who span not only the globe, but also a wide range of skills and experience.

To form your own circle of trust, you can create a private group to share sensitive information with only those other users you choose. These users could be within your own company, an industry consortium or even a selection of colleagues spanning your entire career. Within a group, you can share a private collection to collaborate on the investigations and the associated threat indicators relevant to your network or industry.

Notifications

As an investigation grows, the information in the collection that supports that investigation will naturally expand as more threat indicators are discovered and additional analysis of the threat is completed. With threat information being so dynamic, it is important for security analysts and other consumers to be updated as new information is discovered.

To that end, X-Force Exchange can now notify you as a collection is edited, whether it’s specific observables added to the collection, a new file attached, a new collection linked or changes made to the text description. With each of these, a notification email as well as a visual indication in the notification center alerts users, encouraging them to examine the collection to obtain the most up-to-date information.

A New Era of Collaborative Defense

Just as the original Social Security program will continue to evolve, so must the social and collaborative aspects of the modern security community. To take your part in the collaborative defense of the future, visit X-Force Exchange today.

Sign up for a free trial of the IBM X-Force Exchange

More from X-Force

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.This milestone was reached at Pwn2Own 2024 in Vancouver, where two women, Valentina Palmiotti and Emma Kirkpatrick, each secured full wins by exploiting kernel vulnerabilities in Microsoft Windows 11. Prior to this year, only Amy Burnett and Alisa Esage had competed in the contest's 17-year history, with Esage achieving a partial win in…

X-Force discovers new vulnerabilities in smart treadmill

7 min read - This research was made possible thanks to contributions from Joshua Merrill. Smart gym equipment is seeing rapid growth in the fitness industry, enabling users to follow customized workouts, stream entertainment on the built-in display, and conveniently track their progress. With the multitude of features available on these internet-connected machines, a group of researchers at IBM X-Force Red considered whether user data was secure and, more importantly, whether there was any risk to the physical safety of users. One of the most…

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today