Date: 2024-04-04
IBM Security X-Force Threat Intelligence
Identify, investigate and block threats with actionable, real-time threat intelligence
Research, identify and act on threat intelligence

X-Force Threat Intelligence is a cloud-based threat intelligence solution analyzing over one billion data points. Identify, investigate, and remediate global threats powered by a dynamic blend of human and machine intelligence, harnessing the expansive scale of IBM X-Force.
  • Scans over 10M web pages daily for data gathering
  • Analyzes 1.5M messages daily for threats via SPAM/phishing traps
  • Collects data from 330M+ endpoints globally

X-Force Threat Intelligence Index 2024

In 2023, organizations saw a 71% spike in cyberattacks caused by exploiting identities. Check out the new report to learn how to best safeguard identities.
Benefits

Proactive early warning

Quickly research and act on threats using X-Force Threat Intelligence, drawing on a rich base of early warning data and strategic and tactical intelligence, augmented with deep vulnerability insights from threat intelligence services research.

Automated blocking and alerting

Block malware, phishing, and botnets with curated insights from IBM X-Force. Enrich threat context using feeds and indicators. Access data programmatically via STIX, TAXII, or RESTful API for efficient, automated responses, strengthening your defense against evolving threats.

Boost security operations

Incorporate intelligence from IBM X-Force research to improve your security operations and enable near real-time decision making in the face of cybersecurity threats and incidents.

Offerings

IBM X-Force Exchange

Collaborate with more than 100k defenders in this threat research community portal. Exchange delivers dependable, actionable, and timely intelligence drawn from a vast repository of 900+ terabytes of threat data.

X-Force Threat Intelligence Essentials

Leverage APIs for foundational threat intelligence, early warning insights and automated actions. Elevate threat detection, investigation, blocking and enrichment capabilities with integrations across tools like SIEM, IPS, and IDS.

X-Force Threat Intelligence Standard

Fortify and enhance security operations with automated, real-time threat detection and blocking. Integrate highly curated X-Force Threat Intelligence with existing security tools, like firewalls, IDS, and SIEM to improve effectiveness and efficiency.

X-Force Threat Intelligence Premium

Enhance proactive threat management with detailed insights into threat groups, campaigns, and malware. Operationalize real-time threat intelligence with strategic and tactical reports, industry insights, and urgent notifications of emerging threats.

How customers use it

Research the latest threats

X-Force Exchange provides access to over 900 terabytes of human and machine-generated threat intelligence through reports, advisories and collections, including support for third-party providers through bring-your-own functionality.

Integrate threat intelligence through open standards

IBM X-Force threat intelligence can be integrated into existing security solutions by way of the RESTful API, including STIX over TAXII protocols to incorporate structured and unstructured data.

Automate blocking of malicious websites

Early warning insights provides a list of malicious domains—for detections, blocking and enrichment—that can be integrated into existing tools. Information on deep-dive lifecycles and volumetric data helps make timely decisions before a threat propagates.

Make informed, strategic cybersecurity decisions

The X-Force Premium Threat Intelligence Reports provide you with higher-order intelligence to generate strategic awareness across regions and industries, identify future trends, and characterize threat events to guide strategic decision making.

Monitor and protect your environment against cyber threats

Operationalize threat intelligence for real-time detection and prevention, with access to a protection feed that provides highly actionable data to detect and block access to and from high-risk botnets, malware endpoints and crypto-miners.

Frequently asked questions

X-Force is a threat-centric team of hackers, responders, researchers and analysts with decades of experience. Our portfolio includes offensive and defensive products and services, fueled by a 360-degree view of threats. With a deep understanding of how threat actors think, strategize and strike, our team knows how to prevent, detect, respond to, and recover from incidents so that you can focus on business priorities. 

  • IBM® X-Force expert services are backed by more than 1,000 world-class hackers, responders, researchers and analysts that are renowned industry thought leaders and security influencers.
  • Our threat intelligence is gleaned from IBM incident response client engagements, combined with all-source threat actor analysis, and infused in all IBM Security® products and services to help clients stay ahead of attacks.
  • X-Force threat hunters use IBM’s proprietary TTP threat hunt library and the MITRE ATT&CK framework to provide proactive threat detection.

Threat intelligence is a compilation of threat information that is gathered across external sources and used to prevent and mitigate cyberattacks. Threat data is organized, refined and augmented to make it actionable and to allow your cybersecurity team to understand threats and the actors behind them.

The X-Force® Threat Intelligence team delivers global threat intel applied to your security operations with detection and response content. We help streamline workflow, orchestration and applications that drive enrichment, collaboration, visualization and advanced analytics, providing:

  • Direct access to the latest threat intel from our engagements
  • High quality, prioritized, actionable intelligence for detection and response

Threat intelligence empowers cybersecurity teams to proactively defend against and rapidly respond to threats attacking their organization by helping them identify and understand their adversary, create a response plan and allocate resources strategically. Cybersecurity teams can use threat intelligence to block attacks in real time and mitigate the risk of attackers affecting their brand and reputation.

Threat intelligence is purposely built by industry experts from a wide range of backgrounds, including former government intelligence analysts, SOC analysts and private industry consultants. The team’s founding principles include strict analytic rigor, correct analysis and reproducible assessments. 

X-Force Threat Intelligence uses industry best practice frameworks such as:

  • Diamond Model Intrusion Analysis 
  • Lockheed Martin Cyber Kill Chain
  • MITRE ATT&CK

Threat intelligence is valuable to different members across the security operations center (SOC), from real-time blocking for tier 1 analysts, aiding investigation and threat hunting for more experienced analysts, to helping SOC leaders make strategic decisions.

There are 5 types of premium reports published as premium content in the X-Force® Exchange platform:

  • Threat Activity reports provide real-time updates about discovered activity, whether from incident response investigation, IBM telemetry, open sources or other forms of collection. Security analysts can gain an immediate understanding of what X-Force knows about the attack lifecycle while executives get a quick understanding of the latest threats in their industry.
  • Early Warning Research reports provide a security analyst with early warning on malicious domains that are surfaced through X-Force's partnership with Quad9. The research provides access to threats, malicious domains, DNS activity and volumetrics to identify abnormal spikes in activity. 
  • Malware Analysis reports provide a security analyst with an in-depth description of how the malware functions, indicators of compromise, payloads, mutexes and processes. The analyst can use the information to hunt on their network or pivot to other relevant information about the threat groups who use the malware, other similar tools, and behaviors to detect on their networks.
  • Threat Group profiles provide a security analyst with the latest information about cyber threat groups, including their typical targets, history, TTPs (tactics, techniques and procedures), common attack vectors, top malware and where the threat group might be targeting next.
  • An Industry Analysis report provides executives with a baseline of threats to their industry and the future landscape so they can assess risks and assign resources based on what’s being observed, including relevant malware, threat groups and threat activity.

The Domain Name System (DNS) is the protocol that translates user-friendly domain names that people can remember to computer-friendly IP addresses.

Quad9, a partnership between IBM, Packet Clearing House and Global Cyber Alliance, is a recursive DNS platform that blocks against malicious domains to prevent your computers and IoT devices from connecting to malware or phishing sites.

X-Force Threat Intelligence is offered in multiple editions. Compare the editions and features to see which tier meets your security needs.

Each year, IBM Security X-Force—our in-house team of cybersecurity experts and remediators—mines billions of data points to expose today’s most urgent security statistics and trends.

IBM Security’s latest research is published in the annual X-Force Threat Intelligence Index, a comprehensive overview of the global threat landscape based on data collected throughout the previous year.

The X-Force Premium Threat Intelligence Reports are available through the Enterprise edition of the X-Force Exchange Commercial API. If you are experiencing an incident, contact X-Force to help: US hotline 1-888-241-9812; Global hotline (+001) 312-212-8034.

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers.

The X-Force Exchange provides a combination of observable indicators including vulnerabilities, malware, malware families, IP reputation, URL reputation, web applications, pDNS, WHOIS information, malicious domains, and higher-order intelligence such as actors, campaigns, incidents and TTPs. X-Force Threat Intelligence provides curated analysis of threats, groups, malware and industries.

X-Force Threat Intelligence data is sourced from IBM-developed infrastructure and databases, open-source intelligence, commercial sources, the deep web, and partnerships with third-party sources.

IBM X-Force threat intelligence can be integrated into existing security solutions by using a RESTful API, including STIX over TAXII protocols to incorporate structured and unstructured data.

Please visit the IBM X-Force Exchange API Documentation.
