IBM X-Force is a SaaS version. X-Force is integrated with a Security Intelligence Platform, but it's a SaaS version.
In short, we use a platform called the Security Intelligence Platform, based on IBM QRadar SIEM, which is what we enrich from the X-Force engine so that we actually get threat intel from IBM X-Force. We also leverage different content packs that we download from X-Force. We have thousands of rules that come out of the box with QRadar, which is the SIEM platform. But we need to leverage X-Force to get real-time threat feeds and have an understanding of what will be happening, and get advisories on issues such as vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if we have been compromised. We can check for a CVE or breach or malware threat to obtain more details regarding that coverage.
IBM X-Force has shortened our lifecycle for cyber security investigations. Threat analysis activity can take a lot of time. Providing this service to customers requires a quick turnaround time. So besides using it in my data center, I have a multi-tenant SOC environment, with tenants belonging to other customers that I monitor. So if a customer comes to me and says, "what does it exactly mean for us?" I can quickly leverage a tool that helps me to get quick visibility, quick understanding, quick investigation, quick drill down, and be able to close their offenses and issues as quickly as I can.
X-Force has the ability to integrate with other solutions such as Cisco Threat Grid cloud. It's quite integrable, so you can actually integrate and get all the threat intel, such as geography, blacklisted domains, hashes to watch out for, IP, malware and URL information. Access to all this gives you some intelligence into what you're trying to investigate and what you will be trying to understand.