Overview

IBM X-Force Research and Development is one of the most renowned commercial security research and development teams in the world. These security professionals monitor and analyze security issues from a variety of sources, including its database of more than 76,000 computer security vulnerabilities, its global web crawler and its international spam collectors. The X-Force team produces the IBM X-Force Threat Intelligence Quarterly report to help customers, fellow researchers and the public at large better understand the latest security risks, and stay ahead of emerging threats. The reports dive deeply into some of the most significant challenges facing security professionals today, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats and general attack activity.


IBM Security X-Force Threat Intelligence:
  • Automatically feeds X-Force data into IBM QRadar Security Intelligence Platform analytics to provide deeper insight and greater protection.
  • Provides vulnerability coverage across a wide range of use cases to optimize the value of additional threat intelligence.
  • Uses IBM X-Force research to protect against the threat of attack through data collection efforts and an extensive knowledge base.

Automatically feeds X-Force data into IBM QRadar Security Intelligence Platform analytics
  • Delivers additional insight into and context for security situations that involve IP addresses of a suspicious nature.
  • Incorporates IP reputation data into QRadar rules, offenses and events.
  • Provides relative threat scoring, and automatically incorporates data into QRadar correlation and analysis functions.
  • Incorporates the latest X-Force security threat advisories and informational updates into the QRadar dashboard.

Provides vulnerability coverage across a wide range of use cases
  • A series of attempted logins from a dynamic range of IP addresses.
  • An anonymous proxy connection to a business partner portal.
  • A connection between a non-mail server and a known spam host.
  • A connection between an internal endpoint and a known "botnet" command and control server.
  • Communication between an endpoint and a known malware distribution site.

Uses IBM X-Force research to protect against the threat of attack
  • Maintains and analyzes a known security vulnerabilities database with more than 70,000 entries.
  • Tracks billions of security incidents, monitors millions of spam and phishing attacks and has analyzed billions of web pages and images.
  • Maintains a global research footprint and collects data from multiple research sources.
  • Collaborates with businesses and governments, vertical sector information centers and global coordination centers.
  • Analyzes proofs of concept and public exploit code, and updates the IBM Internet Security Systems AlertCon resource center in near real time.
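To make the use cases above concrete, here is an added example (not IBM's or QRadar's code) of correlation rules run over reputation-enriched events: a small reputation table with categories and threat scores, an asset-role inventory, and a handful of events. The addresses, categories, scores, rule names and events are all constructed for the example; a real deployment would be fed by the X-Force feed and the SIEM's asset database.

```python
from collections import defaultdict

# Constructed stand-in for an IP reputation feed: ip -> (category, score 0-10); not X-Force data.
REPUTATION = {
    "198.51.100.7": ("spam", 8), "203.0.113.5": ("botnet_c2", 10),
    "203.0.113.9": ("malware", 9), "192.0.2.33": ("anonymous_proxy", 6),
    "192.0.2.40": ("dynamic_ip", 3), "192.0.2.41": ("dynamic_ip", 3),
    "192.0.2.42": ("dynamic_ip", 3),
}
# Asset roles as an asset inventory would hold them (constructed).
ASSETS = {"10.0.0.5": "mail_server", "10.0.0.20": "workstation",
          "10.0.0.30": "partner_portal"}
MIN_SCORE = 5    # ignore low-confidence reputation hits in single-connection rules
LOGIN_BURST = 3  # distinct dynamic-range sources failing logins against one host

def check_connection(src, dst):
    """Name the rule one src->dst connection trips, or None if it is clean."""
    src_cat, src_score = REPUTATION.get(src, ("clean", 0))
    dst_cat, dst_score = REPUTATION.get(dst, ("clean", 0))
    src_role, dst_role = ASSETS.get(src, "unknown"), ASSETS.get(dst, "unknown")
    if dst_score >= MIN_SCORE:
        if dst_cat == "spam" and src_role != "mail_server":
            return "non_mail_host_to_spam_host"   # mail servers see spam hosts; others should not
        if dst_cat == "botnet_c2":
            return "endpoint_to_botnet_c2"
        if dst_cat == "malware":
            return "endpoint_to_malware_site"
    if src_score >= MIN_SCORE and src_cat == "anonymous_proxy" and dst_role == "partner_portal":
        return "anonymous_proxy_to_partner_portal"
    return None

def correlate(events):
    """Run the rules over event dicts {src, dst, type}; type is 'flow' or 'login_failed'.
    Returns (rule, source, target) offenses; failed logins are aggregated per target."""
    offenses, failed_by_target = [], defaultdict(set)
    for ev in events:
        rule = check_connection(ev["src"], ev["dst"])
        if rule:
            offenses.append((rule, ev["src"], ev["dst"]))
        if ev["type"] == "login_failed" and REPUTATION.get(ev["src"], ("", 0))[0] == "dynamic_ip":
            failed_by_target[ev["dst"]].add(ev["src"])
    for target, sources in failed_by_target.items():
        if len(sources) >= LOGIN_BURST:   # one low-score IP is noise; a burst is an offense
            offenses.append(("login_burst_from_dynamic_range", ",".join(sorted(sources)), target))
    return offenses

SAMPLE_EVENTS = [{"src": s, "dst": d, "type": t} for s, d, t in [  # constructed events
    ("10.0.0.20", "198.51.100.7", "flow"), ("10.0.0.5", "198.51.100.7", "flow"),
    ("10.0.0.20", "203.0.113.5", "flow"), ("10.0.0.20", "203.0.113.9", "flow"),
    ("192.0.2.33", "10.0.0.30", "flow"), ("192.0.2.40", "10.0.0.30", "login_failed"),
    ("192.0.2.41", "10.0.0.30", "login_failed"), ("192.0.2.42", "10.0.0.30", "login_failed")]]
```

Running `correlate(SAMPLE_EVENTS)` yields one offense per use case; the mail server's own connection to the spam host and any single dynamic-range login failure are left alone, which is the point of combining reputation category, threat score and asset role rather than alerting on every listed IP.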

The Internet continues to connect more people, places and things, resulting in a new range of security risks. Today the Internet of Things seems more of a curiosity than a valid business concern, but hardware manufacturers have an opportunity to head off potential vulnerabilities and security issues. Likewise, organizations have an opportunity to use IP reputation data to ward off malicious traffic before it enters their network.

  • IoT: As with other broad categories of technology, such as cloud or mobile, the IoT can offer productivity and quality-of-life improvements, but it can drag in its wake a host of unknown security threats.
  • Bad Reputation: Who's the top offender for malware hosting? It's not surprising that countries with greater numbers of technology users and service providers figure higher in the rankings, but where the top malware hosts are concentrated may surprise you.
  • The Immediate Aftermath of Heartbleed: Just one day after the disclosure, IBM Managed Security Services (MSS) witnessed attacks on customer networks spiking to 300,000 attacks in a 24-hour period. Find out why, despite a patch being issued, attacks are still ongoing.
  • One-Day Attacks: For one-day attacks, the goal of the attacker is to take advantage of the exposure window of organizations between when the patches are announced and when the patches are actually deployed. Learn what steps you can take to prepare your network.
  • Declining Vulnerability Disclosures: Vulnerability disclosures in the first half of 2014 are down compared to prior years. For those that were reported, like Heartbleed, the current CVSS v2 standard doesn't necessarily reflect the actual risk the vulnerability may pose. Learn how the industry is adapting to assess these risks more accurately.
  • Hosted Application Security Management: Research by the IBM Hosted Application Security Management team shows that half of the organizations studied underestimate the number of web applications they have deployed, and could be exposing vulnerable assets. Broken authentication and cross-site request forgery occurred in nearly a quarter of scanned applications in 2013. The popular and widely used OpenSSL library put a huge percentage of websites at risk for data leakage of private and critical information.
  • Spam: Attackers who want to access sensitive data will look for any open doors or revitalize old techniques if they bring success. The IBM X-Force content security team provides a current view into how attackers are attempting to exploit the email inbox and evade detection.
  • Remote Incident Response: As businesses continue to expand operations outside of traditional markets, incidents in remote countries or infrastructure-deficient areas require a unique game plan. When a breach does occur, incident response teams should be prepared to expect the unexpected and we discuss some critical areas to consider.
  • Central strategic targets: More than half a billion records of personally identifiable information (PII) were leaked. Distributed denial of service attacks, SQL injection and malware were the top attack methods. Some of the largest breaches hit point-of-sale systems, not payment processors, and attackers are using more operationally sophisticated methods to maximize the length and severity of breaches.
  • Weaponized content: Exploits that target vulnerabilities in a popular programming language prevalent in almost every enterprise are exposing organizations to attacks. These exploits can be harder to mitigate because they often run as a trusted application.
  • Mobile security: IBM X-Force has not seen significant incidents in public disclosures to corroborate concerns that bring-your-own-device programs would risk exposing enterprise data through loss or theft. Although some organizational information may be present on mobile devices, IBM X-Force found that the biggest risk to the enterprise isn't the data contained on these devices—it's the credentials.
  • Public vulnerabilities: Public vulnerability disclosures increased slightly over 2012 levels, although web application, cross-site scripting and SQL injection vulnerability disclosures trended downward. The most prevalent consequence of vulnerability exploitation was gaining access to applications or systems, and the second most prevalent was cross-site scripting, which typically involves attacks against web applications.
  • Social media: It's a valuable business tool, but social media is being used by attackers for reconnaissance and launching attacks.
  • Mobile device malware: How the explosive growth of Android devices is attracting malware authors.
  • Poisoning the watering hole: How attackers are compromising a central strategic target and launching zero-day exploits.
  • Distraction and diversion: How attackers are amplifying distributed denial-of-service (DDoS) attacks as a distraction to allow them to breach other systems.
  • Old techniques, new success: How today's security complexity can enable old gaps to be exploited.