IBM’s 700TB security threat database enters the cloud. Look to the heavens, hackers
'Think of it as Pinterest for security'
IBM is putting its massive threat database up into the cloud for researchers, IT administrators, and anyone else to access in the hope of fundamentally changing how security companies defend against attackers.
"Information sharing is something that has been discussed in legislation, within the industry, and between companies but very little action has been taken," Caleb Barlow, veep at IBM Security, told The Register.
"The reality is that attackers are well educated and they collaborate like crazy but the defenders aren’t collaborating to a level we want and we can't wait any more. So we thought if we're really going to solve the problem we have to step up and lead."
The project, which started about a year ago, will see Big Blue's 700 terabyte archive of security data go online in an archive dubbed the 'IBM X-Force Exchange'.
This includes malware threat intelligence from 270 million end users, threat information on 25 billion websites, and images and details of more than a million IP addresses linked to hacking.
In addition, the firm is including a library of APIs and software tools to allow third parties to either use the data to harden up their own defenses, or add to it.
Researchers will be able to annotate data and, hopefully, other companies will also add to the ever-increasing databases to make it more useful for others.
"Think of it as Pinterest for security," Barlow said. "The data is set up so that you can tag it, share it, and add to it, as needs be."
For commercial users, IBM will also be structuring the data to comply with two forthcoming standards for security information sharing: TAXII, the Trusted Automated eXchange of Indicator Information, and STIX, the Structured Threat Information eXpression.
The IBM X-Force Exchange will be officially unveiled next week at the RSA 2015 conference and IBM will start signing up people who wish to access it.
Barlow said the firm would be taking precautions to make sure that only legitimate users can access the information before opening it up fully.
In the longer term, Barlow said he hopes other companies will join in the exchange and feed in their own data. This can easily be done anonymously, and should make the archive even more useful at blocking computer attacks. ®