IBM in its bet to help enterprises identify cyber threats and secure business networks, has announced the formation of X-Force Red, a team of security professionals and ethical hackers put together by Charles Henderson, Global Head, Security Testing and Threats and Global Head of X-Force Red, IBM. The team aims to help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cybercriminals do. Existing within the fold of IBM Security Services, X-Force Red, also plans to examine human security vulnerabilities in daily processes and procedures that attackers often use to circumvent security controls.
Big Blue claims that it will be rolling out first with the United States, the United Kingdom, Australia and Japan. According to the website, with the help of IBM X-Force Red security experts, customers can better process vulnerability data from any tests, whether performed by IBM, in-house staff, or third parties.
IBM X-Force Red’s four focus areas are:
- Application – Penetration testing and source code review to identify security vulnerabilities in web, mobile, terminal, mainframe, and middleware platforms
- Network – Penetration testing of internal, external, wireless, and other radio frequencies
- Hardware – Verifying the security between the digital and physical realms by testing Internet of Things (IoT), wearable devices, point-of-sale (PoS) systems, ATMs, automotive systems, and self-checkout kiosks
- Human – Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine risks of human behavior
“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked. Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture,” said Henderson.
In another Security Intelligence blog by IBM, he continued to say that, “I’ve been involved with security testing long enough that creating one more pen testing team wouldn’t be very challenging or rewarding. (But) This is different, mostly because of IBM’s unparalleled stature in technical innovation. I wish that I could say we’re using quantum computing at X-Force Red. We’re not quite ready for that, but we still embody IBM’s innovative spirit.”
The team states to share security intelligence with IBM X-Force Research, IBM X-Force Exchange threat sharing platform, and IBM Security AppScan, while providing an additional layer of security testing through human creativity, insights, and experience.
According to the company, the security testing facilitated by X-Force Red suite can be availed in three models: individual projects, subscription-based testing, and managed testing programs. The subscription model offers significant budget flexibility by pre-allocating testing funds without defining specific testing targets or even test types. Managed testing programs are ideal for organizations without the security staff to determine testing priorities, document remediation requirements, and enforce policies, says the company.
Reportedly, all offerings by X-Force Red’s is built upon Vulnerability analytics which include vulnerability assessment and management for the full lifecycle of application and network deployments. With 64 percent more security incidents reported in 2015 than in 2014, according to the X-Force IBM Cyber Security Intelligence Index of April 2016, IBM aims to enable organizations, effectively manage risk and defend against emerging threats. IBM Security also boasts about monitoring around 35 billion security events per day in over 130 countries also, claims to hold over 3,000 security patents till date.