IBM Launches X-Force Red Pen Testing Task Force

IBM has created a new security squadron composed of ethical hackers and cybersecurity professionals with the goal of testing weaknesses in enterprise security before cybercriminals can attack.

The group is called X-Force Red, an apt amalgamation that true American patriots and X-Wing pilot Luke Skywalker would be proud of.

The team, part of IBM Security Services, will also examine human security vulnerabilities in daily processes and procedures that attackers often use to get around security.

Global network

X-Force Red will be led by IBM’s Charles Henderson, a penetration testing expert. The team will also draw on a global network of hundreds of security professionals based in dozens of locations around the world, including the United States, the United Kingdom, Australia and Japan.

“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” said Henderson.

“Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture.”

X-Force Red will have four focus areas, according to IBM: application, network, hardware and human.

The application aspect will carry out penetration testing and source code review to find vulnerabilities in web, mobile, terminal, mainframe and middleware platforms. On networks, X-Force Red will conduct penetration testing of internal, external, wireless and other radio frequencies.

In hardware, IBM will look at verifying the security between the digital and physical realms by testing IoT, PoS systems, ATMs and wearable devices. X-Force Red will also perform simulations of phishing campaigns, social engineering, ransomware and physical security violations to determine the risks of human behaviour.

IBM X-Force Red provides security testing services in three models: individual projects, subscription-based testing, and managed testing programs. The subscription model offers significant costflexibility by pre-allocating testing funds without defining specific testing targets or even test types, claims IBM.

IBM said that the managed testing programs are ideal for customers without the security staff to determine testing priorities, document remediation requirements, and enforce policies.

Take our cybersecurity in 2016 quiz here!