February 19, 2016 By Doron Shiloach 2 min read

In the 1930s, the United States created the Social Security Administration to help fund a pension system for senior citizens with the aid of IBM’s punched card equipment and accounting and payroll data expertise. No one could have anticipated that the Social Security number created for each U.S. citizen would one day become a prime target for cybercriminals.

Some 80 years later in 2015, IBM Security brought about a new wave of social security, enabling collaborative defense to boost threat intelligence sharing with IBM X-Force Exchange. Recently, X-Force Exchange has introduced a number of capabilities that will further enhance users’ ability to be social and still gain better security.

Open Standards

The open standards STIX and TAXII are now implemented for observables and collections in X-Force Exchange. Public collections are now even more public and can be accessed without connecting to everybody on the Internet. There are a wealth of public collections on malware and other attack vectors created by our IBM X-Force researchers, indicated by a blue bar on the contributor avatar.

These and other public collections can be easily imported to a security intelligence platform to reduce the time to action by creating a rule to produce an alert when indicators present in the collection are found in the infrastructure being monitored. Conveniently, such new rule sets are now available from the IBM Security App Exchange, which is hosted on X-Force Exchange.

Download the white paper: Combat security attacks with global threat intelligence

Circles of Trust

The key to any collaboration is the element of trust. Without the ability to trust other participants in any collaborative defense arrangement, users will doubt the reliability of the information being provided.

As mentioned above, IBM X-Force researchers are now marked in the X-Force Exchange to call attention to trusted contributions. Analysis of current threats, malware and attack vectors are now available as information is updated by our researchers, who span not only the globe, but also a wide range of skills and experience.

To form your own circle of trust, you can create a private group to share sensitive information with only those other users you choose. These users could be within your own company, an industry consortium or even a selection of colleagues spanning your entire career. Within a group, you can share a private collection to collaborate on the investigations and the associated threat indicators relevant to your network or industry.

Notifications

As an investigation grows, the information in the collection that supports that investigation will naturally expand as more threat indicators are discovered and additional analysis of the threat is completed. With threat information being so dynamic, it is important for security analysts and other consumers to be updated as new information is discovered.

To that end, X-Force Exchange can now notify you as a collection is edited, whether it’s specific observables added to the collection, a new file attached, a new collection linked or changes made to the text description. With each of these, a notification email as well as a visual indication in the notification center alerts users, encouraging them to examine the collection to obtain the most up-to-date information.

A New Era of Collaborative Defense

Just as the original Social Security program will continue to evolve, so must the social and collaborative aspects of the modern security community. To take your part in the collaborative defense of the future, visit X-Force Exchange today.

Sign up for a free trial of the IBM X-Force Exchange

More from X-Force

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Getting “in tune” with an enterprise: Detecting Intune lateral movement

13 min read - Organizations continue to implement cloud-based services, a shift that has led to the wider adoption of hybrid identity environments that connect on-premises Active Directory with Microsoft Entra ID (formerly Azure AD). To manage devices in these hybrid identity environments, Microsoft Intune (Intune) has emerged as one of the most popular device management solutions. Since this trusted enterprise platform can easily be integrated with on-premises Active Directory devices and services, it is a prime target for attackers to abuse for conducting…

You just got vectored – Using Vectored Exception Handlers (VEH) for defense evasion and process injection

10 min read - Vectored Exception Handlers (VEH) have received a lot of attention from the offensive security industry in recent years, but VEH has been used in malware for well over a decade now. VEH provides developers with an easy way to catch exceptions and modify register contexts, so naturally, they’re a ripe target for malware developers. For all the attention they’ve received, nobody had publicized a way to manually add a Vectored Exception Handler without relying on the built-in Windows APIs which…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today