IBM X-Force Review

Speeds threat assessment and security investigations by leveraging real-time actionable threat intel integrated into your Security Intelligence Platform


What is our primary use case?

IBM X-Force is a SaaS version. X-Force is integrated with a Security Intelligence Platform, but it's a SaaS version.

In short, we use a Security Intelligence Platform based on IBM QRadar SIEM, which we enrich from the X-Force engine so that we actually get threat intel from IBM X-Force. We also leverage content packs that we download from X-Force. We have thousands of rules that come out of the box with QRadar, which is the SIEM platform. But we need to leverage X-Force to get real-time threat feeds and have an understanding of what will be happening, and get advisory on issues such as vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if we have been compromised. We can check for a CVE, breach or malware threat to obtain more details regarding that coverage.

How has it helped my organization?

IBM X-Force has shortened our lifecycle for cyber security investigations. Threat analysis activity can take a lot of time. Providing this service to customers requires a quick turnaround time. So besides using it in my data center, I have a multi-tenant SOC environment, with tenants belonging to other customers that I monitor. So if a customer comes to me and says, "what does it exactly mean for us?" I can quickly leverage a tool that helps me to get quick visibility, quick understanding, quick investigation, quick drill down, and be able to close their offenses and issues as quickly as I can.

X-Force has the ability to integrate with other solutions such as Cisco Threat Grid cloud. It's quite integrable, so you can actually integrate and get all the threat intel such as geography, blacklisted domains, hashes to watch out for, IP, malware and URL information. Access to all this gives you some intelligence into what you're trying to investigate and what you will be trying to understand.

What is most valuable?

The most valuable features I found include:

  • The ability to add a vulnerability report

  • Support for STIX and TAXII

  • Threat Feed Manager: while viewing X-Force reports, users can enrich IP, URL and malware reports using threat intelligence

So suppose you're investigating a possible threat and you just found that there is an offense saying one of your users had access to some honeypot-defined address. You can quickly leverage X-Force to help you by doing an X-Force Exchange look-up.

If you have an aspect of interest, such as an email, file or vulnerability data, you can leverage X-Force to understand this in depth.

What needs improvement?

Focusing on collecting tactical indicators of compromise (IOCs) like domains, IP addresses and hashes is not enough; teams need to map or act. We need more context on phishing, malware, botnets and additional IOCs. We need highly actionable insights.
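The review points to STIX/TAXII support and to tactical IOCs that need context before a SOC can act on them. As an added illustration that is not part of this review and not X-Force or QRadar code, the following Python parses a constructed STIX 2.1 indicator bundle, pulls out each atomic IOC and keeps the indicator's labels, confidence and validity window so that bare indicators can be separated from actionable ones; the bundle contents, the object IDs and the AS_OF date are assumed sample values.

```python
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle (sample data, not an X-Force Exchange export);
# the address and domain use documentation ranges, the MD5 is that of an empty file.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--0f1e2d3c-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--0f1e2d3c-0000-4000-8000-000000000002",
         "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']",
         "labels": ["malicious-activity"], "confidence": 80,
         "valid_from": "2021-01-01T00:00:00Z", "valid_until": "2030-01-01T00:00:00Z"},
        {"type": "indicator", "id": "indicator--0f1e2d3c-0000-4000-8000-000000000003",
         "pattern_type": "stix",
         "pattern": "[domain-name:value = 'lure.example.net'] OR "
                    "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
         "valid_from": "2020-01-01T00:00:00Z", "valid_until": "2020-06-01T00:00:00Z"},
    ]})

# Assumed "current time" so the example is deterministic.
AS_OF = datetime(2021, 6, 1, tzinfo=timezone.utc)

# One atomic comparison inside a STIX pattern: [object-type:property = 'value']
COMPARISON_RE = re.compile(r"\[([a-z0-9-]+):([A-Za-z0-9_.]+)\s*=\s*'([^']*)'\]")


def extract_iocs(bundle_json, now=AS_OF):
    """Return one record per atomic IOC found in the bundle's STIX indicators,
    carrying the indicator's labels, confidence and expiry state with it."""
    iocs = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        until = obj.get("valid_until")
        expired = bool(until) and datetime.fromisoformat(until.replace("Z", "+00:00")) < now
        labels, confidence = obj.get("labels", []), obj.get("confidence")
        for obj_type, prop, value in COMPARISON_RE.findall(obj["pattern"]):
            iocs.append({
                "type": f"{obj_type}:{prop}", "value": value, "source": obj["id"],
                "labels": labels, "confidence": confidence, "expired": expired,
                # Actionable only when still valid and carrying the context a SOC needs.
                "actionable": not expired and bool(labels) and confidence is not None,
            })
    return iocs


def triage(iocs):
    """Split IOCs into those a SOC can act on and those needing more context."""
    act_on = [i for i in iocs if i["actionable"]]
    needs_context = [i for i in iocs if not i["actionable"]]
    return act_on, needs_context
```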

For how long have I used the solution?

I have been using IBM X-Force for more than 36 months.

What do I think about the stability of the solution?

It is very stable. I've been comparing it with quite a number of other solutions. I also have seen RSA Live and Cisco Threat Grid, among others. RSA has a very interesting platform called RSA Live, which also provides threat protection feeds, warning feeds, and API integrations, like what X-Force does.

Basically, X-Force gives me a lot of comfort. I can quickly do my threat hunting activities in a few minutes and am able to find relevant threat details to help me understand a possible threat and the associated risk.

What do I think about the scalability of the solution?

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats.

Highly scalable because of its SaaS offering approach.

How are customer service and technical support?

We're getting very good tech support. Very great support, actually.

There is a community, so we make use of the XFE community before we go to support. Probably something can help you there, but if not, you then have to call support.

How was the initial setup?

The initial setup is pretty straightforward.

Having been personally involved with Security Threat Intelligence platform deployments, I would say for big deployments, like in the financial services sector, there could be a lot of integrations.

Integration with X-Force takes less than a day; more time will be spent on downloading X-Force rule content for your Security Intelligence platform.

Deploying my security intelligence platform will take roughly six hours, but to have everything in place takes about two days - to have every log source integrated and every flow source integrated probably takes one more week.

After setting up your base Security Intelligence platform, go for your basic configs such as defining the network hierarchy. Add your log sources for events and flows. Add your applications of interest. Then integrate X-Force.

What was our ROI?

There has definitely been a good ROI. It takes away the pain and the headache of having large teams working on issues for days. Working in the security area can be a pain if you cannot find closure to issues in the required time.

What's my experience with pricing, setup cost, and licensing?

IBM has now gone the route they term Cloud Pak for Security. The IBM Cloud Pak for Security platform follows a modular pricing approach based on the size of the customer environment you are looking to secure. It gives a bit of flexibility.

They have a fixed-for-term monthly fee, or a one-time fee with annual support, planned system expansion and costs, or one up-front price for unlimited scale over the term of your contract. The choice is yours.

I am yet to come to terms with the MVS sizing approach being used.

What other advice do I have?

I would definitely recommend IBM X-Force. If you want to get threat intel and protection feeds, and you require integration with other threat intel feeds through STIX & TAXII, go for XFE.

If you are looking to get early warning and timely feeds, and you require faster investigation times with enrichment of your Security Intelligence platform with relevant intel that speaks to what is current and what you want to protect your environment from, you will have to leverage a trusted threat intelligence platform equivalent to that of X-Force.

If you want to speed up your security threat identification with what you call actionable threat intel that will seamlessly integrate with your other security tools, you need to ensure that you leverage X-Force.

On a scale of one to ten, I would rate IBM X-Force an eight.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

IBM

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Updated: May 2021.