IBM is to make its security intelligence data available to third parties through its newly-launched cloud cyber threat intelligence platform, IBM X-Force Exchange.
Over the years, Big Blue has built up a huge library of its own and third-party security intelligence data, and it now wants to turn it into an actionable resource to help its customers combat security threats.
Its database includes information based on real-time monitoring of more than 15 billion security events every day; malware threat intelligence from a network of 270 million endpoints; threat information based on 25 billion web pages and images; details of 8 million spam and phishing attacks; and reputational data on close to a million malicious IP addresses.
It has also used data from its thousands of global clients, and the accumulated knowledge of a worldwide network of security analysts and experts from IBM Managed Security Service.
IBM said that even though the vast majority of cyber attacks are driven by data, tools and expertise shared among criminals, most of their targets were not mobilised in the same way.
“X-Force Exchange will foster collaboration on the scale necessary to counter the rapidly rising and sophisticated threats that companies are facing from cyber criminals,” said Brendan Hannigan, GM at IBM Security.
Read more about threat intelligence
- Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.
- Expert Nick Lewis breaks down the evolution of the STIX framework and how it can be used to improve security threat intelligence.
- Up-and-coming threat intelligence tools aim to improve data security and even standardise threat intelligence across the industry.
At launch, X-Force Exchange will host over 700TB of raw aggregated data, which will grow by the hour as real-time information on security events continues to flood in.
“We are taking the lead by opening up our own deep and global network of cyber threat research, customers, technologies and experts,” said Hannigan.
“By inviting the industry to join our efforts and share their own intelligence, we are aiming to accelerate the formation of the networks and relationships that we need to fight hackers.”
By enabling customers to interact directly with its own security analysts, researchers and even peers to validate their findings, IBM hopes to bring a more collaborative, contextual approach to security.
For example, should a researcher uncover a previously unknown malware domain, they could note it as malicious within the platform, from where an analyst at another company could find it from their network on the exchange and consult with others to validate its danger.
The analyst could then apply blocking rules to their digital presence, stopping malicious traffic, and use X-Force Exchange to alert their CISO, who could then add the malicious traffic source to the public database so that industry peers could contain and stop the threat before it becomes a problem.
The service is currently in beta.