2016 will be the year that actionable intelligence moves to center stage on the IBM X-Force Exchange threat intelligence sharing platform. The objective during the year ahead will be to improve the relevance and timeliness of the threat information on offer, and to integrate it into workflows that enterprise security analysts can use more effectively.
More actionable intelligence and less noise is the objective
For IBM in 2016, there will be less visible focus on individual threat intelligence contributions from Trusteer (malware and fraud prevention), WatchFire (application security), Guardium (database security), Q1Labs (security intelligence and SIEM), and Internet Security Systems (security services). While these groups aren’t going away, their input will be unified under the IBM X-Force brand.
Since X-Force Exchange was launched in April 2015, the emphasis has been on ensuring that the threat intelligence gathered was of good quality. This has been achieved using IBM’s in-house threat research teams, which collectively cover most security disciplines. The teams have now turned their focus to filtering out the volume of noise that multiple threat intelligence feeds commonly produce, in order to deliver targeted and relevant threat information to the platform’s users.
At the same time, IBM has built up an infrastructure of trusted external resources and security partners to take the X-Force Exchange proposition to the next level. It has established a group of more than 11,000 contributors and registered users. This group includes more than 2,000 enterprise organizations across 16 global industries, including five of the world’s top 10 banks, six of the top 10 retailers, six of the top 10 automobile manufacturers, and three of the top 10 healthcare providers.
IBM has seen the number of data collection resources grow by a factor of 10 since the X-Force Exchange platform launched. However, this is not about the type of numbers game that has clearly failed to deliver genuine threat intelligence elsewhere. IBM’s strategy of building a strong partner pipeline of established security and business partners (threat intelligence producers and consumers) adds a controlled public collection element to the overall threat intelligence package.
IBM is looking to extend its influence over the security intelligence sector through the delivery of actionable intelligence from the Exchange directly into customers’ security infrastructure platforms. This is an approach that won’t immediately deal with all of the complexity and data management issues that currently exist within the threat intelligence arena, but on a practical level, it is intended to reduce the time to identify and deal with emerging threats using commercial, trusted circle, open source, and publicly sourced threat intelligence.
Andrew Kellett, Principal Analyst, Infrastructure Solutions