IBM X-Force Red is a global team with a network of hundreds of security professionals based in dozens of locations around the world
IBM Security has formed IBM X-Force Red, a group of security professionals and ethical hackers whose aim is to help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cybercriminals do.
The team, part of IBM Security Services, will also examine human security vulnerabilities in daily processes and procedures that attackers often use to circumvent security controls.
IBM’s Charles Henderson, a world-renowned penetration-testing expert, who takes the title of Global Head of Security Testing and X-Force Red, IBM Security, will lead the new team.
IBM X-Force Red is a global team with a network of hundreds of security professionals based in dozens of locations around the world, including the US, UK, Australia and Japan.
The security testing professionals of IBM X-Force Red bring expertise from across multiple industries like healthcare, financial services, retail, manufacturing and the public sector. Collectively, they have conducted security tests for the world’s largest brands and governments including penetration testing, ethical hacking, social engineering, and physical security testing.
IBM X-Force Red shares security intelligence with IBM X-Force Research, IBM X-Force Exchange threat sharing platform, and IBM Security AppScan, while providing an additional layer of security testing through human creativity, insights, and experience.
Malicious attacks against corporate assets are on the rise, with 64 per cent more security incidents reported in 2015 than in 2014. However, as more solutions are brought online, security is often an afterthought. For example, an IBM study found that 33 percent of companies do not test mobile applications for security vulnerabilities.
Attackers looking for the next zero-day exploit constantly scrutinise existing technologies; these technologies require periodic security testing to maintain their integrity.
“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” said Charles Henderson.
“Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organisations the freedom to stay agile without creating blind spots in their security posture.”
IBM X-Force Red’s four focus areas are:
IBM X-Force Red provides security-testing services in three models: individual projects, subscription-based testing, and managed testing programmes. All models include vulnerability analytics designed to improve the efficiency and impact of security testing programmes. This approach provides companies increased elasticity of security spend and powerful testing on demand, including vulnerability assessment and management for the full lifecycle of application and network deployments.
IBM operates one of the world’s broadest security research, development and delivery organisations, monitoring 35 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.