IBM X-Force Exchange Reviews

It's a threat intelligence platform, and we aim to enhance its intelligence by integrating additional security solutions.

It's an entire organization-wide integration rather than individual services. The integration allows all units within the organization to benefit collectively. The tool is designed to fit seamlessly into the organization’s structure, ensuring that every part can leverage the integration effectively.

It is very expensive.

I have been using IBM X-Force Exchange for over a year.

The product is stable.

I rate the solution’s stability a nine out of ten.

I rate the solution’s scalability a nine out of ten.

Response time of support is good.

Positive

The integration is quite easy because it's an API. It is easy to deploy and takes an hour to complete.

It doesn't directly reduce costs, but because we purchased it, it enhances the richness of the analysis and reduces the mean detection time by 30%.

It falls under the category of AI-embedded threat intelligence, which makes detection more efficient by reducing the rate of false positives and improving the overall detection rate.

When the threat intelligence alone doesn’t provide enough information, we use other methods to verify the threat. For example, IBM has its threat intelligence team and tools. If the threat intelligence doesn’t yield much information, the tool has a framework that can identify suspicious activity. We then use our judgment and experience to implement compensating controls, whether for a potentially malicious patch, IP address, or any other threat.

Customers benefit from it, even if they’re not directly integrating it. Through our service, they receive the benefits of the integration.

Overall, I rate the solution a nine out of ten.

Our primary use case is for threat intelligence. We are feeding intelligent information from cybersecurity all over the world and letting them know how to actively protect their system.

The most valuable feature is you have the expertise of human experience directly involved. There is a team of experts.

I would like to see better integration with other systems, solutions, and vendors.

I have been working with IBM X-Force for the past two years.

There is very good stability.

IBM X-Force is scalable.

Customer support is excellent.

Positive

The initial setup is straightforward and took around one month to implement.

I would rate IBM X-Force a nine out of ten.

IBM X-Force is a SaaS version. X-Force is integrated with a Security Intelligence Platform, but it's a SaaS version.

In short, we use a platform called the  a Security Intelligence Platform based on IBM Qradar SIEM, which is what we  enrich from the X-Force engine so that we actually get threat intel from IBM X-Force. We also different leverage on content packs that we download from X-Force. We have thousands of rules that come out of the box with QRadar, which is the SIEM platform. But we need to leverage X-Force to get real time threats feeds and have an understanding of what will be happening, and get advisory on issues such as  vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if we have been compromised. We can check for 

• CVE or breach or malware threat to obtain more details regarding that coverage.

IBM X-Force has shortened our lifecycle for cyber security investigations. Threat analysis activity can take a lot of time. Providing this service to  customers require a quick turn around time . So besides using it in my data center, I have  multi-tenants SOC environment , with tenants belonging to other Customers that I monitor. So if a customer comes to me and says, "what does it exactly mean for us?" I can quickly leverage a tool that helps me to get quick visibility, quick understanding, quick investigation, quick drill down, and be able to close their offenses and issues as quick as I can. 

X-Force has the ability to integrate with other solutions such as Cisco Threat Grid cloud. It's quite intergrable so you can actually integrate and get all the threat intel such geography , blaclisted domains , hashes to watch out for , IP  , malware and URL information. Access to all this gives you some intelligence into what you're trying to investigate and what you will be trying to understand.

The  most valuable features I found include :

The ability to add a vulnerability report

Support for STIX and TAXII

Threat Feed Manager- While viewing X-Force reports, users can  enrich IP, URL and malware reports using threat intelligence

So suppose you're investigating an a possible threat and you just found that there is an offense that is saying, one of your users had  access to some honey port defined address  You can quickly leverage X-Force to help you by doing  an X-Force exchange look-up quickly. 

 If you have an aspect of interest, such as an email, file , vulnerability data for, you can leverage X-Force to understand this in-depth.

Focusing  on collecting tactical indicators of compromise (IOCs) like ,domains, IP addresses and hashes  sin not enough– teams need to map or act . We need More context on phishing , malware , botnets and Additional IOCs. We need highly actionable insights 

I have been using IBM X-Force for more than 36 months.

It is very stable. I've been comparing it with quite a number of other solutions. I also have seen , RSA Live , Cisco Threat Grid among others. RSA has a very interesting platform  called the RSA Live, which also provides threat protection feeds, warning feeds, and API integrations, like what X-Force does.

Basically, X-Force gives me a lot of comfort. I can quickly do my threat hunting activities in a few minutes and am able to find  relevant threat details to help me understand a possible threat and the associated risk.

IBM X-Force Exchange is a cloud-based threat intelligence platform ,that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats.

Highly Scalable because of its SaaS offering approach

We're getting very good tech support. Very great support, actually.

They is a community, so we make us of XFE community before we go to the support. Probably something can help you there, but if not, you then have to call support.

The initial setup is pretty straightforward.

Having been personally involved with the Security Threat Intelligent platform deployments. I would say For big deployments, like in the financial services sector, they could be a lot of integrations.

Integration with X-Force takes less than a day , more time will be spent on Downloading  X-Force Rule Content for your Security Intelligence platform.

Deploying my security intelligence platform will take roughly six hours, but to have everything in place takes about two days - to have every log source integrated and every flow source integrated probably takes one  more week.

After setting up your Base Security Intelligence platform,  then go for your basic configs such as defining the network hierarchy. Add your log sources for events and flows. Add your applications of interest. Then integrate X-Force.

There has definitely been a good ROI. It takes away the pain and the headache of having large teams working on issues for days. Working in the security area can be a  pain if you cannot find closure to issues in the required time .

IBM has now gone the route  they term  Cloud Pak for Security . The IBM Cloud Pak for Security platform follows a modular pricing approach based on the size of a customer environment you are looking to secure.It gives a bit of flexibility

They have Fixed-for-term monthly fee, or a one-time fee with annual support ,Planned system expansion and costs, or one up-front price for unlimited scale over the term of your contract.  The choice is yours. 

I am Yet to come to terms with the MVS sizing approach beign used 

I would definitely recommend IBM X-Force. If you want to get threat intel and protection feed, and you require to integrate with other Threat Intel Feeds through STIX & TAXII  go for XFE.

If you are looking to get early warning and timely feeds, and you require faster investigation times with  enrichment of your Security Intelligence platforms relevant intel that speaks to what is current and want to protect your environment from, you will have to leverage  a trusted threat intelligence platform equivalent to that of X-Force .

If you want to speed your security threat identification with what you call actionable threat intel that will seamlessly integrate with your other security tools, you need to ensure that you  leverage  X-Force.

On a scale of one to ten, I would rate IBM X-Force an eight.

The primary use case for the solution is for incident response and detecting threats.

We are using the latest version of the exposed rack.

It has a lot of artificial intelligence features. It helps us detect a lot of threats. What is more important, we are able to sense and detect more threats than what we are able to predict today. IBM is investing more into AI and other areas at the moment.

This product has helped to increase staff productivity. For example, two years from now, we may end up letting go five to ten people more from a SOC analyst standpoint.

It has a lot more AI capability in terms of trying to understand the nature of threats and detect some of those major threats.

I would like a lot more AI capabilities in terms of trying to contextualize more information happening in the IT department, then correlate it into this product. This type of information would ensure that we understand attacks before they happen from a release standpoint and have good releases in the future.

Right now, we see IBM as an industry leader, and we are happy with that. However, more can be done with Watson and other product capabilities within that group. I would like to see this added into the product in the future to improve mean time to detect and mean time to respond.

Therefore, we would like to have more AI capabilities to detect threats and improve its productivity from a cybersecurity standpoint.

It has a lot of stability.

I don't face any issues with the scalability. It is a good product.

The solution support is good. 

The customer support is good. 

We don't have any issues with it.

This was the first time that we brought in this type of tool.

The initial setup is complex. A lot of devices need to be integrated into this tool for us to analyze all of the threats.

We used someone for the deployment whom I cannot name. I wish they had more technical staff to better deploy this product for us.

One of the fastest ways to cut costs is reducing staff, and this product can reduce staff by 70 percent.

The cost of a breach could have impacted the revenue of the company. It could have brought the shareholders' value down. From this standpoint, it becomes very important for us to understand the magnitude of each breach and see how well we are able to protect ourselves.

Cost is clearly a consideration, but the important thing is what we do with the data and how we protect it.

Look for tools that has a lot more AI capability. There is two aspects to it: Learning the AI and training AI. At this point, the industry is more at the point of learning the AI.

The tool is a good. It's a good product. IBM is clearly a leader in the industry.

We have all aspects of security: compliance, identity management, security incident and event management, and application security. The tool came in to compliment a lot of efforts that we had already been doing.