IBM Unleashes X-Force Red

IBM Security has formed an elite team of security professionals and ethical hackers, dubbed IBM X-Force Red.

The group is tasked to uncover vulnerabilities in computer networks, hardware and software applications, in a block-and-tackle move to get ahead of cybercriminals. Attackers looking for the next zero-day exploit constantly scrutinize existing technologies.

The team will also examine human security vulnerabilities in daily processes and procedures—social engineering opportunities or privileged access routes that attackers often use to circumvent security controls.

IBM X-Force Red is a global team with a network of hundreds of security professionals based in dozens of locations around the world, including the United States, the United Kingdom, Australia and Japan. It will be led by IBM's Charles Henderson.

Collectively, the team members have conducted security tests for the world’s largest brands and governments, with specialties spanning penetration testing, ethical hacking, social engineering and physical security testing. IBM X-Force Red shares security intelligence with IBM X-Force Research, IBM X-Force Exchange threat sharing platform, and IBM Security AppScan, while providing an additional layer of security testing through human insight.

“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” said Henderson. “Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture.”

X-Force Red will have four focus areas:

  • Application: Penetration testing and source code review to identify security vulnerabilities in web, mobile, terminal, mainframe and middleware platforms
  • Network: Penetration testing of internal, external, wireless and other radio frequencies
  • Hardware: Verifying the security between the digital and physical realms by testing internet of things (IoT), wearable devices, point-of-sale (PoS) systems, ATMs, automotive systems and self-checkout kiosks
  • Human: Performing simulations of phishing campaigns, social engineering, ransomware and physical security violations to determine risks of human behavior

The move comes as malicious attacks against corporate assets are on the rise, with 64% more security incidents reported in 2015 than in 2014, according to IBM research. But as new solutions are brought online, security is often an afterthought. For example, another IBM study found that 33% of companies do not test mobile applications for security vulnerabilities.

Photo © Profit_Image

What’s Hot on Infosecurity Magazine?