IBM Forms ‘X-Force Red’ Security Testing Group

IBM red team

They’re not exactly “Wolverine” and “Rogue” of the X-Men fictional superhero franchise, but IBM is betting on its new X-Force Red unit of world-class cybersecurity experts to help the company continue the expansion of its security consulting and services business.

The company announced Aug. 2 that X-Force Red will consist of hundreds of security experts based in dozens of locations around the world. Their mission is to help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cyber criminals do. The team, part of IBM Security Services, will also examine human security vulnerabilities in daily processes and procedures that attackers often use to circumvent security controls.

X-Force Red is the latest addition to IBM’s other X-Force divisions and will actively share threat intelligence with IBM X-Force Research, IBM X-Force Exchange threat sharing platform, and IBM Security AppScan.

Charles Henerson, Head of IBM's X-Force Red security testing team. (Photo: LinkedIn)
Charles Henderson, Head of IBM’s X-Force Red security testing team. (Photo: LinkedIn)

“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” said Charles Henderson, the new global head of IBM X-Force Red. “Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture.”

IBM said in a statement that the new X-Force Red team will focus on four particular areas:

  • Application–Penetration testing and source code review to identify security vulnerabilities in Web, mobile, terminal, mainframe, and middleware platforms.
  • Network–Penetration testing of internal, external, wireless, and other radio frequencies.
  • Hardware–Verifying the security between the digital and physical realms by testing Internet of Things (IoT), wearable devices, point-of-sale (PoS) systems, ATMs, automotive systems, and self-checkout kiosks.
  • Human–Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine risks of human behavior.

The company plans to offer X-Force Red services under three different contract models: individual projects, subscription-based testing, and managed testing programs.

IBM is coming out of a major corporate turnaround, which saw Big Blue move away from traditional hardware sales to what it called new “strategic imperatives,” such as cloud computing, mobile computing, and security. The company’s second-quarter security revenues were up 18 percent. Security accounts for about $2 billion of the $8 billion in revenue linked to the new strategic imperatives.

“In the second quarter we delivered double-digit revenue growth in our strategic imperatives, driven by innovations in areas such as analytics, security, cloud video services, and Watson Health, all powered by the IBM Cloud and differentiated by industry,” said Ginni Rometty, IBM chairman, president and chief executive officer, in a statement accompanying last month’s earnings report. “And we continue to invest for growth with recent breakthroughs in quantum computing, Internet of Things, and Blockchain solutions for the IBM Cloud.”

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.
No Comments

    Leave a Reply


    Popular

    Recent