Red Team: IBM Cyber Security Service Revealed

Although efforts continue to find autonomous solutions to cybersecurity, some companies believe that the human factor is still important.

IBM Security announced the formation of IBM X-Force Red, a group of security professionals and ethical hackers whose goal is to help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cybercriminals do.

It is a global team with a network of hundreds of security professionals based in dozens of locations around the world, including the US, the UK, Australia and Japan.

The security testing professionals group bring expertise from across multiple industries like healthcare, financial services, retail, manufacturing and the public sector. Collectively, they have conducted security tests for the world’s largest brands and governments.

Malicious attacks against corporate assets are on the rise, with 64% more security incidents reported in 2015 than in 2014. As new solutions are brought online, security is often an afterthought.

For example, 33% of companies do not test mobile applications for security vulnerabilities. Attackers looking for the next zero-day exploit constantly scrutinize existing technologies; these technologies require periodic security testing to maintain their integrity.

“Having a machine scan your servers and source code is a great step to help prevent data breaches, but the human element of security testing cannot be overlooked,” said Charles Henderson, Global Head of Security Testing and X-Force Red, IBM Security.

Focus areas are:

Application – Penetration testing and source code review to identify security vulnerabilities in web, mobile, terminal, mainframe, and middleware platforms.

Network – Penetration testing of internal, external, wireless, and other radio frequencies.

Hardware – Verifying the security between the digital and physical realms by testing Internet of Things (IoT), wearable devices, point-of-sale (PoS) systems, ATMs, automotive systems, and self-checkout kiosks.

Human – Performing simulations of phishing campaigns, social engineering, ransomware, and physical security violations to determine risks of human behavior.

The group provides security testing services in three models: individual projects, subscription-based testing, and managed testing programs. The subscription model offers significant budget flexibility by pre-allocating testing funds without defining specific testing targets or even test types. Managed testing programs are ideal for organizations without the security staff to determine testing priorities, document remediation requirements, and enforce policies.

All of the models include vulnerability analytics designed to improve the efficiency and impact of security testing programs. This nimble approach gives companies increased elasticity of security spend and powerful testing on demand, including vulnerability assessment and management for the full lifecycle of application and network deployments.

I-HLS: http://bit.ly/2aTFQSj

« What Happens When Two Countries Fight A Cyber War?
Cyber Spy Group Uncovered After Years Of Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

CI-CERT

CI-CERT

CI-CERT is the national Computer Incident Response Team for Cote d'Ivoire.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Illuma Labs

Illuma Labs

Illuma Labs delivers real-time voice authentication and fraud prevention solutions.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.