IBM X-Force Exchange Reviews

It's a threat intelligence platform, and we aim to enhance its intelligence by integrating additional security solutions.

It's an entire organization-wide integration rather than individual services. The integration allows all units within the organization to benefit collectively. The tool is designed to fit seamlessly into the organization’s structure, ensuring that every part can leverage the integration effectively.

IBM X-Force is a SaaS version. X-Force is integrated with a Security Intelligence Platform, but it's a SaaS version.

In short, we use a platform called the  a Security Intelligence Platform based on IBM Qradar SIEM, which is what we  enrich from the X-Force engine so that we actually get threat intel from IBM X-Force. We also different leverage on content packs that we download from X-Force. We have thousands of rules that come out of the box with QRadar, which is the SIEM platform. But we need to leverage X-Force to get real time threats feeds and have an understanding of what will be happening, and get advisory on issues such as  vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if we have been compromised. We can check for 

• CVE or breach or malware threat to obtain more details regarding that coverage.

IBM X-Force has shortened our lifecycle for cyber security investigations. Threat analysis activity can take a lot of time. Providing this service to  customers require a quick turn around time . So besides using it in my data center, I have  multi-tenants SOC environment , with tenants belonging to other Customers that I monitor. So if a customer comes to me and says, "what does it exactly mean for us?" I can quickly leverage a tool that helps me to get quick visibility, quick understanding, quick investigation, quick drill down, and be able to close their offenses and issues as quick as I can. 

X-Force has the ability to integrate with other solutions such as Cisco Threat Grid cloud. It's quite intergrable so you can actually integrate and get all the threat intel such geography , blaclisted domains , hashes to watch out for , IP  , malware and URL information. Access to all this gives you some intelligence into what you're trying to investigate and what you will be trying to understand.

The primary use case for the solution is for incident response and detecting threats.

We are using the latest version of the exposed rack.

It has a lot of artificial intelligence features. It helps us detect a lot of threats. What is more important, we are able to sense and detect more threats than what we are able to predict today. IBM is investing more into AI and other areas at the moment.

This product has helped to increase staff productivity. For example, two years from now, we may end up letting go five to ten people more from a SOC analyst standpoint.

Our primary use case is for threat intelligence. We are feeding intelligent information from cybersecurity all over the world and letting them know how to actively protect their system.

The most valuable feature is you have the expertise of human experience directly involved. There is a team of experts.