
IBM X-Force Overview

IBM X-Force is the #10 ranked solution in top Threat Intelligence Platforms. PeerSpot users give IBM X-Force an average rating of 8 out of 10. IBM X-Force is most commonly compared to IBM QRadar: IBM X-Force vs IBM QRadar. The professionals researching this solution most often come from computer software companies, accounting for 34% of all views.
What is IBM X-Force?
IBM X-Force Exchange is a cloud-based threat intelligence sharing platform enabling users to rapidly research the latest security threats, aggregate actionable intelligence and collaborate with peers. IBM X-Force Exchange is supported by human- and machine-generated intelligence leveraging the scale of IBM X-Force.

IBM X-Force was previously known as X-Force Exchange, X-Force.

Buyer's Guide

Download the Threat Intelligence Platforms Buyer's Guide including reviews and more. Updated: January 2022


IBM X-Force Reviews

InnocentMapanga
IT Infrastructure Security Lead at South Consult / Phakalane Data Center
Real User
Top 5
Speed threat assessment, security investigations leveraging on real time actionable threat intel integrated to your Security Intelligence Platform
Pros and Cons
  • "It's quite integratable so you can actually integrate and get IP malware and URL information. It also gives you some form of intelligence into what you're trying to investigate or what you're trying to understand."
  • "You have to look for the new information from X-Force. X-Force will provide it but you have to look for it. We need clearer visibility."

What is our primary use case?

IBM X-Force is a SaaS version. X-Force is integrated with a Security Intelligence Platform, but it's a SaaS version.

In short, we use a Security Intelligence Platform based on IBM QRadar SIEM, which is what we enrich from the X-Force engine so that we actually get threat intel from IBM X-Force. We also leverage different content packs that we download from X-Force. We have thousands of rules that come out of the box with QRadar, which is the SIEM platform. But we need to leverage X-Force to get real-time threat feeds and have an understanding of what will be happening, and get advisory on issues such as vulnerability numbers, malware names, MD5 hashes, IP addresses, and other characteristics to see if we have been compromised. We can check for a CVE or breach or malware threat to obtain more details regarding that coverage.

How has it helped my organization?

IBM X-Force has shortened our lifecycle for cyber security investigations. Threat analysis activity can take a lot of time. Providing this service to customers requires a quick turnaround time. So besides using it in my data center, I have a multi-tenant SOC environment, with tenants belonging to other customers that I monitor. So if a customer comes to me and says, "what does it exactly mean for us?" I can quickly leverage a tool that helps me to get quick visibility, quick understanding, quick investigation, quick drill down, and be able to close their offenses and issues as quickly as I can.

X-Force has the ability to integrate with other solutions such as Cisco Threat Grid cloud. It's quite integrable, so you can actually integrate and get all the threat intel, such as geography, blacklisted domains, hashes to watch out for, IP, malware and URL information. Access to all this gives you some intelligence into what you're trying to investigate and what you will be trying to understand.

What is most valuable?

The most valuable features I found include:

  • The ability to add a vulnerability report
  • Support for STIX and TAXII
  • Threat Feed Manager: while viewing X-Force reports, users can enrich IP, URL and malware reports using threat intelligence

So suppose you're investigating a possible threat and you just found that there is an offense saying that one of your users had access to some honey port defined address. You can quickly leverage X-Force to help you by doing an X-Force Exchange look-up.

If you have an aspect of interest, such as an email, file, or vulnerability data, you can leverage X-Force to understand this in-depth.

What needs improvement?

Focusing on collecting tactical indicators of compromise (IOCs) like domains, IP addresses and hashes is not enough – teams need to map or act. We need more context on phishing, malware, botnets and additional IOCs. We need highly actionable insights.

For how long have I used the solution?

I have been using IBM X-Force for more than 36 months.

What do I think about the stability of the solution?

It is very stable. I've been comparing it with quite a number of other solutions. I also have seen RSA Live and Cisco Threat Grid, among others. RSA has a very interesting platform called RSA Live, which also provides threat protection feeds, warning feeds, and API integrations, like what X-Force does.

Basically, X-Force gives me a lot of comfort. I can quickly do my threat hunting activities in a few minutes and am able to find relevant threat details to help me understand a possible threat and the associated risk.

What do I think about the scalability of the solution?


IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats.

Highly scalable because of its SaaS offering approach.

How are customer service and technical support?

We're getting very good tech support. Very great support, actually.

There is a community, so we make use of the XFE community before we go to support. Probably something can help you there, but if not, you then have to call support.

How was the initial setup?

The initial setup is pretty straightforward.

Having been personally involved with Security Threat Intelligence platform deployments, I would say that for big deployments, like in the financial services sector, there could be a lot of integrations.

Integration with X-Force takes less than a day; more time will be spent on downloading X-Force rule content for your Security Intelligence platform.

Deploying my security intelligence platform will take roughly six hours, but to have everything in place takes about two days - to have every log source integrated and every flow source integrated probably takes one more week.

After setting up your base Security Intelligence platform, go for your basic configs such as defining the network hierarchy. Add your log sources for events and flows. Add your applications of interest. Then integrate X-Force.

What was our ROI?

There has definitely been a good ROI. It takes away the pain and the headache of having large teams working on issues for days. Working in the security area can be a pain if you cannot find closure to issues in the required time.

What's my experience with pricing, setup cost, and licensing?

IBM has now gone the route they term Cloud Pak for Security. The IBM Cloud Pak for Security platform follows a modular pricing approach based on the size of the customer environment you are looking to secure. It gives a bit of flexibility.

They have a fixed-for-term monthly fee, or a one-time fee with annual support, planned system expansion and costs, or one up-front price for unlimited scale over the term of your contract. The choice is yours.

I am yet to come to terms with the MVS sizing approach being used.

What other advice do I have?

I would definitely recommend IBM X-Force. If you want to get threat intel and protection feeds, and you need to integrate with other threat intel feeds through STIX & TAXII, go for XFE.

If you are looking to get early warning and timely feeds, and you require faster investigation times with enrichment of your Security Intelligence platforms with relevant intel that speaks to what is current and what you want to protect your environment from, you will have to leverage a trusted threat intelligence platform equivalent to that of X-Force.

If you want to speed your security threat identification with what you call actionable threat intel that will seamlessly integrate with your other security tools, you need to ensure that you leverage X-Force.

On a scale of one to ten, I would rate IBM X-Force an eight.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

IBM
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner