Two days ago IBM Security announced X-Force Red Labs, – a network of four secure facilities dedicated to testing the security of devices and systems including consumer and industrial IoT technologies, automotive equipment, and Automated Teller Machines (ATMs). IBM X-Force Red also announced a dedicated ATM Testing practice in response to increased demand for securing financial transaction systems.
The new Labs will be operated by X-Force Red. The X-Force Red Labs offer secure locations where X-Force Red’s hackers will work to find vulnerabilities in devices before and after they are deployed to customers.
The four Labs will be in Austin, USA; Hursley, England; Melbourne, Australia; and Atlanta, USA.
The X-Force Red team has grown its penetration testing client base by over 170 percent in the last year. This growth has also led IBM Security to increase the number of X-Force Red practitioners — doubling over the past year across multiple domains.
“IBM X-Force Red has one mission – hack anything to secure everything,” said Charles Henderson, Global Managing Partner, IBM X-Force Red. “Via X-Force Red Labs, we have the ability to do just that, in a secure and controlled environment. Whether it’s the newest smart phone that hasn’t been released, an internet-connected refrigerator or a new ATM, we have the capability to test, identify, and help our clients remediate vulnerabilities before the bad guys can exploit them.”
X-Force Red Labs: Hack Anything to Secure Everything
Fixing software vulnerabilities and flaws after production can cost organisations more than 29 times the cost of identifying and fixing them during the design phase, according to the Ponemon Institute1. IBM X-Force Red, through the new four global testing labs, assists engineers and developers with building in security throughout the development lifecycle of hardware and software, including IoT-enabled devices and ATMs.
The service includes:
Documenting Product Requirements: Mapping product objectives, stakeholders and systems involved, skillsets available, and other product requirements with product engineers.
Technical Deep Dive: Analysis of product design documentation, security requirements, risk management information, and any other data to scope the penetration test.
Threat Modeling: Disclosure of potential threats and risks to the product and company including threat actors likely to target their product, how and why they would compromise it, and the potential risk to the company.
Generating Security Requirements: Create and implement a list of security requirements for engineers as they build products.
Penetrating Testing: Hacking into products using the same methods that real-world attackers would use. Through the X-Force Red cloud-based portal, the team provides real-time updates on vulnerability findings. Since X-Force Red hackers report findings as they test, customers do not have to wait until the full test is completed to begin remediation.