Light Dark
November 17, 2016 By John Wheeler 3 min read
X-Force
CISO
Incident Response
Security Services

In case you missed all the excitement yesterday, we proudly held two major events in Cambridge, Massachusetts, and Atlanta, Georgia, where we unveiled the new IBM X-Force Incident Response Intelligence Services (IRIS) team and told the world about our new global X-Force Command Centers and Cyber Range.

At both locations, we hosted industry and global thought leaders from government agencies, including the FBI and former counterterrorism leaders, as well as academia. We also hosted our own team of experts in incident response (IR) and managed security services (MSS).

Prepare, Prioritize and Respond

It’s straightforward and simple — we are addressing an important fact. It is critical that organizations prepare, prioritize and respond to the inevitability of a cyberbreach, whether at the hands of highly skilled and motivated external actors or insiders. We too often see the damages exponentially amplified by organizations that lack the proper planning and preparation to take precise and immediate actions when reactions are measured in minutes and hours. Failure to prepare often causes more damage than the attack itself.

Clients require innovation combined with expertise in world-class incident response and threat intelligence to detect, contain and prevent attacks quickly enough to minimize impact to customers and operations.

We’ve all heard about the catastrophic losses many organizations have faced. The key to reducing the impact of a breach is proactive planning and preparedness. Yesterday’s launch demonstrates IBM’s commitment to helping organizations address their cyberattack readiness and treat it from a multidimensional perspective.

1. Rehearsal and Crisis Leadership

With the rising need to organize and respond to cyberattacks such as distributed denial-of-service (DDoS) or ransomware, IT and security leaders need to train like any other defense force. Just like pilots use simulators to train for flight emergencies, the new IBM Cyber Range is designed to simulate a breach and help teams develop a more effective cyber resilience strategy and coordinated response plan.

Related: Crisis Leadership: The Missing Link in Cyberattack Defense

The Cyber Range delivers simulations of common breaches and sophisticated attack scenarios that bring technical experts and executive decision-makers together, bridging a divide that often leaves organizations temporarily impaired when high-profile incidents occur. The simulation enables teams to practice and learn from their mistakes before they have to face a real breach. Through this type of practice, analysts can become adaptive. This alone can save a significant amount of time in response and investigation, which is often the most costly part of a breach.

2. Innovation in Detection and Response

The primary challenge for many organizations in dealing with a breach is often resources. Humans are limited in their ability to analyze and disseminate attack information and to share that information as fast as a network. Given the unprecedented speed and frequency with which cyberattacks are being leveled daily, organizations turn to MSS to combat the magnitude of data flooding their staff and systems.

The new IBM X-Force Command Centers are built to scale global collaboration and integration of intelligence, people and technology to help respond to threats in facilities across Europe, North America, South America and Asia-Pacific. On constant watch, X-Force Command Centers are capable of processing more than 35 billion security events daily for more than 4,500 clients across 133 countries.

Our analysts can now tap into Watson for Cyber Security, equipping them with rapid access to large amounts of data unlike any other security operations center on earth. This cognitive advancement represents an important enhancement in speed and data analysis.

Learn more about the Role of Cyber Ranges in Security Incident Response Planning

3. Expertise and Experience

Preparing a proactive and effective cyber resilience strategy can be an unnerving challenge for even the most experienced security teams, especially when developed in the absence of key executive decision-makers across the C-suite. And for those who have assembled a plan, a breach can still occur and take many by surprise.

Our newly unveiled X-Force Incident Response and Intelligence Services (IRIS) Team, under the leadership of Wendi Whitmore, brings expertise and services in threat intelligence and forensics to help organizations build comprehensive, proactive incident response, along with establishing threat intelligence and remediation strategies. According to a recent report, 94 percent of C-level executives believe there is some probability that their company will experience a significant cybersecurity incident in the next two years. They need to be prepared.

Related: IBM X-Force IRIS: Bringing a New Approach to Incident Response

We think there are several strategies and approaches that can greatly affect the outcome of a future breach. With our investment in Resilient Systems earlier this year, combined with our commitment to growing our portfolio with the X-Force Command Centers, Cyber Range and IRIS Team, we are dedicated to helping organizations conquer the complexities of incident response and threat intelligence. Like any solid business continuity and disaster recovery plan, cyber resilience requires an investment in rigorous preparation, planning and testing. That way, in moments of chaos, the cool and collected prevail.

 |  |  |  | 
John Wheeler
BISO IBM Security and VP of Integrated Solutions

More from X-Force
February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

January 17, 2025

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature