IBM Security Launches X-Force Red Labs Secure Testing Facilities

IBM Security has announced X-Force Red Labs, a network of four secure facilities dedicated to testing the security of devices and systems including consumer and industrial IoT technologies, automotive equipment, and ATMs. The new labs are operated by X-Force Red, an autonomous team of veteran hackers within IBM Security, and will be located in Austin, TX; Hursley, England; Melbourne, Australia; and Atlanta, GA.

IBM X-Force Red has also launched a dedicated ATM Testing practice in response to increased demand for securing financial transaction systems.

The X-Force Red Labs offer secure locations where X-Force Red's seasoned hackers will work to find vulnerabilities in devices (hardware and software) before and after they are deployed to customers.

"IBM X-Force Red has one mission—hack anything to secure everything," said Charles Henderson, Global Managing Partner, IBM X-Force Red. "Via X-Force Red Labs, we have the ability to do just that, in a secure and controlled environment. Whether it's the newest smart phone that hasn't been released, an internet-connected refrigerator or a new ATM, we have the capability to test, identify, and help our clients remediate vulnerabilities before the bad guys can exploit them."

Citing market research, IBM says that fixing software vulnerabilities and flaws after production can cost organizations more than 29 times the cost of identifying and fixing them during the design phase, making it imperative to find and fix flaws early.

Through the new global testing labs, IBM X-Force Red will assist engineers and developers with building in security throughout the development lifecycle of hardware and software, including IoT-enabled devices and ATMs.  

The service includes mapping the product objectives, stakeholders, and systems involved, skillsets available, and other product requirements with product engineers; analysis of  the product design documentation, security requirements, risk management information, and any other data to scope the penetration test; and the disclosure of potential threats and risks to the product and company including threat actors likely to target their product, how and why they would compromise it, and the potential risk to the company.

The service also creates and implements a list of security requirements for engineers as they build products, and hacks into products using the same methods that real-world attackers would use. Through the X-Force Red cloud-based portal, the team provides real-time updates on vulnerability findings. Since X-Force Red hackers report findings as they test, customers do not have to wait until the full test is completed to begin remediation.

In addition, the X-Force Red ATM Testing service includes a global team of experienced penetration testers that can identify and help remediate physical, hardware and software vulnerabilities within banks' ATMs, before an attacker gets their hands on them. The service includes Comprehensive ATM Evaluation; Attacker-Minded Testing; Vulnerability Remediation Recommendations; and a  review of ATM logs to help financial organizations stay in compliance with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).

 For more information, go to