IBM Security Channels Its Inner XMen with Launch of IBM XForce Red Security Division

Someone in charge of naming divisions at IBM must have been a big Sci-Fi fan as is evidenced with IBM Security’s name for the a news security task force - IBM X-Force Red. 

Yep, that’s the name for a new group of IBM security professionals and ethical hackers whose goal is to help businesses discover vulnerabilities in their computer networks, hardware, and software applications. All they are missing are some cool team member names like Professor Cryptovirus, FireSheep, and Man in the Middle.

Ok, enough joking around. The team, part of IBM Security Services, will examine human security vulnerabilities in daily processes and procedures that attackers often use to circumvent security controls. It will be led by IBM's Charles Henderson, a world-renowned penetration testing expert. IBM X-Force Red is a global team with a network of hundreds of security professionals based in dozens of locations around the world, including the United States, the United Kingdom, Australia and Japan.

The security testing professionals of IBM X-Force Red bring expertise from across multiple industries like healthcare, financial services, retail, manufacturing and the public sector. Collectively, they have conducted security tests for the world’s largest brands and governments including penetration testing, ethical hacking, social engineering, and physical security testing. IBM X-Force Red shares security intelligence with IBM X-Force Research, IBM X-Force Exchange threat sharing platform, and IBM Security AppScan, while providing an additional layer of security testing through human creativity, insights, and experience.

 “Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” said Charles Henderson, Global Head of Security Testing and X-Force Red, IBM Security. “Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture.”

- Application: Penetration testing and source code review to identify security vulnerabilities in web, mobile, terminal, mainframe, and middleware platforms.

- Network: Penetration testing of internal, external, wireless, and other radio frequencies.

- Hardware: Verifying the security between the digital and physical realms by testing Internet of Things (IoT), wearable devices, point-of-sale (PoS) systems, ATMs, automotive systems, and self-checkout kiosks.

- Human: Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine risks of human behavior.

IBM X-Force Red provides security testing services in three models: individual projects, subscription-based testing, and managed testing programs. The subscription model offers significant budget flexibility by pre-allocating testing funds without defining specific testing targets or even test types. Managed testing programs are ideal for organizations without the security staff to determine testing priorities, document remediation requirements, and enforce policies.

All of the models include vulnerability analytics designed to improve the efficiency and impact of security testing programs. This approach gives companies increased elasticity of security spend and testing on demand, including vulnerability assessment and management for the full lifecycle of application and network deployments.