IBM Security has formed ’X-Force Red’, a group of hundreds of security professionals and ethical hackers who discover vulnerabilities in computer networks, hardware, and software applications for businesses.

The team will also look at human security vulnerabilities, exploring areas such as social engineering and ransomware.

X-Force Red
Doctor Nemesis inspects a rack – IBM

The human touch

Led by Charles Henderson, X-Force Red is based around the world, including in the United States, the United Kingdom, Australia and Japan. The group shares security intelligence with IBM X-Force Research, the IBM X-Force Exchange threat sharing platform, and IBM Security AppScan.

“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” Charles Henderson said.

“Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture.”

IBM says the group’s four focus areas are:

  • Application – Penetration testing and source code review to identify security vulnerabilities in web, mobile, terminal, mainframe, and middleware platforms
  • Network – Penetration testing of internal, external, wireless, and other radio frequencies
  • Hardware – Verifying the security between the digital and physical realms by testing Internet of Things (IoT), wearable devices, point-of-sale (PoS) systems, ATMs, automotive systems, and self-checkout kiosks
  • Human – Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine risks of human behavior

The team offers three versions of its service - individual projects, subscription-based testing, and managed testing programs - each of which comes with vulnerability analytics that are designed to improve security testing programs.