How IBM Security is helping cybersecurity pros collaborate like the bad guys

Attackers have long shared their exploits, code, and methods, while defenders remained siloed. IBM Security created the X-Force Exchange platform as a way to share threat intelligence.

How IBM Security is helping the good guys collaborate like the bad guys

At the 2018 RSA Conference, TechRepublic editor Jason Hiner spoke with Sridhar Muppidi, Co-CTO of IBM Security about the company's efforts to help cybersecurity teams collaborate like the attackers they're working against.

Watch the video, or read the full transcript of their conversation below:

Muppidi: We think collaboration, just like the bad guys are collaborating with each other with sharing attack pipes and data. Similarly, the good guys have to collaborate with each other so that we can provide a better and more secure and robust systems. So we talk about how do we share the good intelligence. We also talk about sharing good practices, so that we can then build more robust systems which are a lot more secure.

It's the same concept of open source model, where you provide some level of intellectual capital with an opportunity to bring in a bigger community together so that we can take the problem and solve it better and faster. And learn from each other's mistakes and each other's advancement so that it can help, individually, each of our offerings. So, end of the day, for a topic like AI, the algorithm is going to be an algorithm. It's the data, it's the models, it's the set of things which go around it which make it very robust and reliable.

SEE: IT leader's guide to cyberattack recovery (Tech Pro Research)

IBM Security started with collaboration a few years ago. We started this X-Force Exchange as a portal to be able to exchange and share tech intelligence. This is about reputation of an IP address. You can go and type in a specific IP address and it'll help you understand how good or bad it is and the risk associated with that. More recently, we partnered with a clearing house called PCH for a project called Quad9. So when you change your DNS to, it helps you with not only detecting bad DNS domains and it helps you in terms of protecting against source. So, our sharing of a open source AI toolkit goes on the same lines of sharing best practices and attack methods and different methods for the AI.

Hiner: X-Force has also done some research as well that it's released, am I remembering that right?

Muppidi: Yeah, yeah.

Hiner: Is that part of this whole initiative as well?

Muppidi: Exactly, exactly. And X-Force is our research community, it's a research brand in terms of how we are learning from a number of honey pots, number of research so that we can then empower products to be based on some level of threat and fraud resilient.

SEE: 10 ways to raise your users' cybersecurity IQ (free PDF) (TechRepublic)

Some of the findings from this X-Force team are things like attacks on specific systems, like IoTs or applications. We publish that as a research to say what are the patterns of attacks that they're seeing, that then introduces a set of best practices. For example, about a year ago we found that many attacks are happening at the application level. It prompted us to give some guidance to say, "You need to think about DevSecOps, be able to introduce testing and security. Write your earlier part of the development lifecycle so that you can save millions of dollars in trying to catch the problem sooner than trying to fix it later."

We also share DNA analytics and IP reputation and it's fairly open to say anybody can use an API and come back with information about an IP address they can then work with.

Also see:

Image: iStock/gorodenkoff