TRANSCRIPT
© 2015 IBM Corporation
IBM Security
Introducing IBM X-Force Exchange
A new way for the world to leverage collaborative threat intelligence
Domenico Raguseo, Europe Technical Sales Manager
Follow me @domenicoraguseo
Security teams are using multiple sources of intelligence to identify cyber threats, but they come with new challenges
65% of enterprise firms use external threat intelligence to enhance their security decision making [1]
However, security teams lack critical support to make the most of these resources
• It takes too long to make information actionable
• Data is gathered from untrusted sources
• Analysts can’t separate the signal from the noise
[1] Source: ESG Global
Introducing IBM X-Force Exchange
A new platform to consume, share, and act on threat intelligence
Research and collaboration platform and API
Backed by the reputation and scale of IBM X-Force
• Security Analysts and Researchers
• Security Operations Centers (SOCs)
• Security Products and Technologies
IBM X-Force Exchange is:
• OPEN: a robust platform with access to a wealth of threat intelligence data
• SOCIAL: a collaborative platform for sharing threat intelligence
• ACTIONABLE: an integrated solution to help quickly stop threats
OPEN: A robust platform with access to a wealth of threat intelligence data
Leverage the scale of IBM Security and partner ecosystem
Quickly gain access to threat data from curated sources:
• Over 700 terabytes of machine-generated intelligence from crawler robots, honeypots, darknets, and spamtraps
• Multiple third party and partner sources of intelligence
• Up to thousands of malicious indicators classified every hour
Human intelligence adds context to machine-generated data:
• Insights from security experts, including industry peers, IBM X-Force, and IBM Security professionals
• Collaborative interface to organize and annotate findings, bringing priority information to the forefront
ACTIONABLE: An integrated solution to help quickly stop threats
Push intelligence to enforcement points for timely protection
• Integration between IBM Security products and X-Force Exchange-sourced actionable intelligence
• Designed for third-party integration with planned future support for STIX and TAXII, the established standard for automated threat intelligence sharing
• Leverage the API to connect threat intelligence to security products
[Diagram labels: API; STIX / TAXII (future feature); IBM Security Network Protection XGS; IBM Security QRadar Security Intelligence; IBM Security Trusteer Apex Malware Protection; 3rd Party Products]
SOCIAL: A collaborative platform for sharing threat intelligence
Add context to threats via peer collaboration
• Connect with industry peers to validate findings
• Share a collection of Indicators of Compromise (IOCs) to aid in forensic investigations
1. INCIDENT RESPONDER: Discovers a new malware domain and marks it as malicious in the X-Force Exchange
2. SECURITY ANALYST: Finds the domain and applies blocking rules to quickly stop malicious traffic. Shares with his CISO using the Exchange
3. CISO: Adds the domain to a public collection named “Malicious Traffic Sources Targeting Financial Industry” to share with industry peers
4. IBM X-FORCE: For the first time, clients can interact with IBM X-Force security researchers and experts directly