IBM launches X-Force Red enterprise bug hunting team

The new division will focus on finding and fixing vulnerabilities -- before cyberattackers do.
Written by Charlie Osborne, Contributing Writer

IBM is launching a new security testing group called X-Force Red to assist enterprise players in limiting the risk of cyberattack.


On Tuesday, Big Blue said IBM X-Force Red will work with enterprise players as security consultants and auditors who can help companies find weaknesses in their networks, software, and solutions.

The team will be led by penetration testing expert Charles Henderson.

IBM X-Force Red plans to focus on penetration testing and reviewing source code to identify security vulnerabilities in web, mobile, terminal, mainframe, and middleware platforms, as well as testing network systems.

In addition, X-Force Red will be available to check the security of Internet of Things (IoT) products, vehicles, point-of-sale (PoS) systems, ATMs, and self-checkout kiosks.

The company is not just looking at software elements, however. The team will also work in education and training by creating simulations of phishing campaigns, social engineering, ransomware, and physical security violations.

The team will be global, with members based in countries including the US, UK, Australia, and Japan.

According to a study commissioned by business internet service provider (ISP) Beaming, cyberattacks have cost UK firms £34.1 billion in the past year alone -- and this figure is likely to rise.

"Attackers looking for the next zero-day exploit constantly scrutinize existing technologies; these technologies require periodic security testing to maintain their integrity," IBM says.

IBM X-Force Red will offer testing services in three models: individual projects, subscription-based assistance, and managed testing programs.

"Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked," said Charles Henderson, global head of security testing at X-Force Red, IBM Security. "Elite human testers can learn how an environment works and create unique attacks using techniques even more sophisticated than what the criminals have. IBM X-Force Red gives organizations the freedom to stay agile without creating blind spots in their security posture."

10 things you didn't know about the Dark Web

Editorial standards