Destabilizing events such as the global pandemic or the war in Ukraine create opportunities for cyber criminals to thrive. Every day new threats emerge, and at the same time, criminals find smarter routes to access your company’s assets and data.
Adapting in real time takes vast amounts of threat intelligence and time. IBM® X-Force® operates in over 170 countries and manages the security operations for thousands of customers. This visibility into the worldwide threat landscape, feeds the X-Force® Threat Intelligence Platform used by IBM Security QRadar SIEM to identify threats in your company.
How can you automatically detect the latest threats in your environment without spending hours on research?
Use global research and data from the IBM X-Force Threat Intelligence Platform to stay up to date on the latest trending threats.
The IBM X-Force Threat Intelligence Platform included with QRadar SIEM uses aggregated X-Force® Exchange data1. You can also integrate data from other threat intelligence feeds to help your organization stay ahead of emerging threats and exposure from the latest vulnerabilities.
Threat intelligence detects events such as:
- Serial attempted logins for a dynamic range of IP addresses
- Anonymous proxy connections to a business partner portal
- Connections between an internal endpoint and known botnet command and control
- Communication between endpoints and known malware distribution sites
Threat intelligence allows you to rank new types of incidences in QRadar by risk value, integrating them seamlessly with other security data. For example, you can import public collections of dangerous IP addresses from IBM X-Force Exchange and then create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.
QRadar SIEM uses the latest malicious IP addresses, URLs and malware file hashes from IBM X-Force Threat Intelligence and other threat intelligence sources, so that your SIEM platform can detect the world’s latest critical and advanced threats.
The IBM Advanced Threat Protection Feed by X-Force Exchange delivers a defined set of actionable indicators for direct ingestion into security tools and solutions. You can view, search and update the feed.
STIX and TAXII are the machine readable, easily automated communication standards used to share information about cyberthreats. STIX (Structured Threat Information eXpression) defines the information included in the threat intelligence, while TAXII (Trusted Automated eXchange of Intelligence Information) defines how that information is relayed. The IBM Threat Intelligence Platform supports your company to upload and download threat information to the global networks in STIX and TAXII formats.
The exchange API, whether commercial or enterprise, allows you to collaborate with peers in a worldwide community, aggregate global research and act on threat intelligence together.
The IBM Threat Intelligence Platform for QRadar SIEM can integrate with threat intelligence services.
Intelligence provided by CrowdStrike's elite team of threat analysts, security researchers, cultural experts and linguists helps you stay ahead of adversaries.
The Mandiant Advantage app for QRadar brings Mandiant's frontline intelligence to QRadar, highlighting indicators of compromise (IOCs) in your network and letting you identify and explore the ones that matter the most.
Cofense Intelligence provides security teams with context around the criminal infrastructure to extend beyond expected IOCs, enabling teams to see an adversary's full operation as opposed to one-offs that change rapidly.
ZeroFox provides enterprises with protection, intelligence and disruption to identify and dismantle external threats in one comprehensive platform.
IntSights delivers up-to-date IOCs so you can continuously synchronize your network and security solutions for faster incident response and threat workflows.
1Allows you to use the X-Force Threat Intelligence data in QRadar correlation rules and AQL