IBM Security Introduces New X-Force Red Services for IoT, Auto Industry


IBM Security is offering new X-Force Red security testing practice areas that are focused on the Internet of Things (IoT) and automotive security sectors, the IBM division said July 24.

The new services will be delivered through what the company called an “elite team” of IBM X-Force Red researchers that it said are focused on testing backend processes, apps and physical hardware used to control access and management of smart systems.

The new IoT services will be delivered alongside IBM’s artificial intelligence (AI)-based Watson IoT Platform to provide security services by design to organizations developing IoT solutions for all industries, it said.

Fifty-eight percent of organizations are testing their IoT applications only during the production phase, so the potential for introducing vulnerabilities into existing systems is still “unacceptably high,” IBM said. The Watson IoT Platform provides configuration and management of IoT environments, and the IBM X-Force Red services provide an additional layer of security and penetration testing it said.

“Over the past year, we’ve seen security testing further emerge as a key component in clients’ security programs,” Charles Henderson, global head of IBM X-Force Red, said in a news release. He added: “Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients’ best defense.”

Considering current and future challenges in the auto industry, meanwhile, IBM X-Force Red created an automotive practice that it said was “dedicated to helping clients secure hardware, networks, applications, and human interactions.” It cited research from Gartner that estimated the production of new automobiles equipped with data connectivity, either through a built-in communications module or by a tether to a mobile device, will reach about 61 million in 2020.

The new IBM Security automotive practice is also applying some of the findings from research disclosed by IBM X-Force Red early this year that notified consumers and the auto industry about security pitfalls inherent in connected cars, it said. The research looked at the insecure transfer of ownership between owners of some connected cars, which the company said may create an opportunity for a malicious takeover of the functions of a vehicle, such as locking and unlocking of doors, remote start, light and horn control, and the ability to geo-locate the current owner via a mobile app.

IBM X-Force Red also marked its first-year anniversary with the addition of security specialists including Cris Thomas and Dustin Heywood, the company said.
In February, IBM X-Force launched The Red Portal, a cloud-based collaboration platform for clients and security professionals that presents an end-to-end view of security testing programs.

At this year’s Black Hat conference in Las Vegas, July 22-27, X-Force Red is introducing Cracken, a dedicated password-cracking cluster used by X-Force Red during penetration tests and security assessments, it said.