December 8, 2015 By Chris Meenan 3 min read

It’s commonly said that “there’s no I in team.” That’s certainly a platitude cybercriminals take to heart since they behave like one big, global team in many ways.

They collaborate on a vast scale, sharing information about their intended victims, including their user IDs, passwords, personal information, social circles and other intelligence. They also collaborate on their weaponry — sharing malware kits, vulnerability exploits and command-and-control infrastructure — to rapidly create attacks with a high degree of accuracy. This type of joint effort necessitates a collaborative defense as a response.

The Need for Intelligence Sharing

Where does the collaborative attack leave the intended victims? They’re working in silos, often with poorly integrated security solutions, a lack of visibility and too much complexity in their security systems. Not a great place to be!

More than ever, organizations need the whole security community to collaborate more closely with each other, sharing threat intelligence to provide truly integrated solutions and common platforms that maximize reuse and enable deep integration. This should lead to innovative, agile solutions that can adequately respond to attack activity from criminals.

IBM Security believes this is fundamental to any successful cybersecurity strategy. To enable this collaboration, we opened up our threat intelligence database, IBM Security X-Force Exchange, to the community. This open collaboration platform has over 700 TB of intel and enables organizations to openly collaborate and share information regarding threats we are all exposed to. We have over 10,000 users from more than 2,000 unique organizations already on the platform, so clearly there is a real need for this type of environment.

The Next Phase of Collaborative Defense

We are now ready to announce the next phase of our collaborative defense enablement strategy, which has two very exciting and significant parts. Firstly, we have extended our collaboration platform, the IBM X-Force Exchange, to include the IBM Security App Exchange.

The new App Exchange gives organizations access to collaboratively built security defense and response solutions created by IBM, our partners, third-party security vendors, researchers and clients. Organizations will not only have the confidence that apps on the App Exchange are curated by IBM, but also that the security community as a whole is able to review and contribute to them.

This exchange is launching with over a dozen apps built by IBM and our community of partners in exciting areas, including incident visualization, insider threats, incident response, endpoint detection and remediation and many more.

Visit the brand new IBM Security App Exchange to browse our catalog of security apps

In defense, platforms are critical. They enable rapid creation of new workflows, analytics and visualizations to provide visibility and defense. To that end, we also created the QRadar Application Framework. In other words, we’ve supercharged QRadar with apps, providing increased flexibility with reduced complexity.

QRadar is the market leader in security intelligence, collecting, analyzing and detecting threats in real time, and it is the foundation of incident detection and response workflow. As such, the platform provides all the core capabilities needed to not only develop new security applications, but also seamlessly integrate them with existing solutions.

The new QRadar Application Framework and SDK enables partners, third-party security vendors, managed services organizations, customers and IBM to rapidly build new security extensions directly into QRadar. This utilizes all the core capabilities of the platform (e.g., data collection, normalization, correlation, search, behavioral baselining, incident detection and more) and also seamlessly adds new analytics, visualizations and workflows.

Evolving with the Times

What does this mean for our community of partners, third-party security vendors, services organizations and customers? It means they can quickly innovate and create their own unique, valuable solutions on QRadar, maximizing reuse and sharing new capabilities with the extensive QRadar community.

What does this mean for our customers? The ability to jump-start their security operations with speed and simplicity, and constant access to innovative, curated, security-focused solutions that keep the attackers at bay.

What does it mean for cybercriminals? A harder time.

We are very excited about what these two new innovations mean for truly collaborative defense in the security market — and there definitely will never be an I in QRadar!

Check out the IBM Security App Exchange to browse the catalog of security defense and response apps from IBM and its partners, and watch the replay of our webinar to meet some of our application partners and learn even more about how to use collaboration and analytics to solve security challenges in the new year.
