Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and misconfigurations — remain the most common means to execute attacks.

With today’s attack surface dramatically expanding, access to current, comprehensive, and evidence-based threat intelligence and adversarial insights is crucial for defenders to inform their security strategies. Today’s threat model has changed: AI-first business strategies are inadvertently changing IT architectures and making data more dynamic, introducing new attack vectors and new forms of security risk.

In an effort to make X-Force’s cutting-edge research, threat intelligence and hacker-led insights more easily accessible to the security community we’re introducing the new X-Force research hub.

The research hub will house all X-Force research spanning offensive security, defensive security, threat intelligence and adversary simulation in one place — it will include annual threat reports, threat guides, threat intelligence, proof-of-concept research, defense recommendations and much more to help defenders stay up to date with latest attack trends.

What can you expect in this new hub?

Explore the X-Force research hub

Unparalleled expertise and intelligence

X-Force, incident responders, researchers, and analysts are at the forefront of the battle against cybercrime. These experts bring a wealth of experience and knowledge to the table, constantly analyzing emerging threats and vulnerabilities to stay one step ahead of attacks. Their ability to anticipate and understand new attack vectors enables them to provide actionable intelligence and timely guidance to organizations across the globe, via major research reports like the Threat Intelligence Index 2023, Cloud Threat Landscape (2023 edition coming in September), and Cost of a Data Breach 2023, in addition to ongoing research published here. This hub will provide a front-row seat to the latest X-Force research.

Global collaboration and shared insights

X-Force believes in the power of collaboration to combat cyber threats effectively. By fostering partnerships with other cybersecurity experts, sharing threat intelligence, and participating in the broader cybersecurity community, X-Force contributes to a collective defense against cybercrime. This collaborative approach ensures that insights and knowledge gained from one attack are used to prevent similar incidents in the future, benefiting the global cybersecurity landscape.

The hub will be broken out into four categories:

  • Adversary Services: Cutting-edge security research by senior red team operators, vulnerability researchers, and offensive engineers from the X-Force Adversary Services team, used to simulate sophisticated threat actors and help customers defend against advanced attacks.
  • Defensive Security: In-depth IR coverage from the incident responders working to detect, contain and recover from attacks 24×7.
  • Threat Intelligence: Breaking research on the latest threats, vulnerabilities and trends from global security intelligence experts who provide industry-leading analysis.
  • Offensive Security: Expert analysis from the X-Force Red hackers hired to break into organizations and help fix their most critical vulnerabilities.

What types of research can you expect? Here are examples of recent research articles released:

Access to information elicits action. We hope that by creating this repository of X-Force’s insight we can help better inform security teams’ priorities and defense posture. Bookmark the new hub at: www.securityintelligence.com/x-force.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today