A version of this post titled “Big Blue’s red team” originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.
Last fall I visited IBM’s security group at the company’s offices in New York. A few members of the team had brought me in to show off some “dark web” destinations, hidden websites accessible only via a special browser (called Tor). On the screen before us: weapons, drugs, malicious software—you name it, all for sale.
Needless to say, it’s strange to sit in a conference room with professional contacts when offers for illegal narcotics are quite literally on the table.
The purpose of the meeting was to exchange information about these underground markets. Investigating what so-called crimeware hackers are auctioning online helps analysts (and reporters) keep abreast of the latest cyber threats. This sharing is very much a part of the IBM
unit’s business strategy, I learned.
“One of the biggest problems in cybersecurity is hackers collaborating, sharing data and software,” Marc van Zadelhoff, who took the reins of the security group at the beginning of the year, told me later. Previously the unit’s vice president of worldwide strategy and product management, Zadelhoff assumed the top spot after Brendan Hannigan stepped down as general manager. (Hannigan had joined after IBM bought his security intelligence software-maker, Q1 Labs, in 2011.)
Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.
“We’re sharing data through X-Force Exchange,” Zadelhoff said, referencing the company’s threat intelligence platform, which IBM opened up for anyone to use free of charge last year. (Other companies like Facebook
have taken a similar approach with ThreatExchange, a kind of social network for defenders of computer networks.) “Now we’ve added a security app exchange so our partners, vendors, and customers can build and share apps on top.”
Why give away precious data on attackers at no cost? Simple: IBM: aims to commoditize threat intelligence. By giving that intel away, the company hopes to become the foundation on which the information security industry relies. Then the company can use that leverage to sell other services. The bet is that IBM’s analysis, not its endless reams of raw data, will be the moneymaker.
For more on IBM, watch:
Zadelhoff calls this his three “c” strategy: cloud, collaboration, cognitive. Cloud is the mechanism of distribution; collaboration involves sharing threat feeds and code; and cognitive refers to the value added analysis layer. (Expect announcements involving Watson integration, the company’s analytic AI engine, this year, I’m told.)
So far the program appears to be working. IBM’s security group posted $2 billion in revenue for 2015, growing 12% over the previous year, according to an earnings report the company issued last month. More than 2,000 organizations are already signed up for the exchange.
Criminals have found a similar strategy—swapping intel and trading off-the-shelf tools—to be quite lucrative of late. Big Blue prudently takes its cue from those baddies. The difference is in the wares: cyber bulwarks versus contraband and botnets.