IBM X-Force Red Adds New Service for Blockchain Security Testing

IBM Security's team of offensive security experts, X-Force Red, has launched a new blockchain testing service to help identify weaknesses and strengthen the security of solutions that incorporate the technology.

Leveraging the security and developer expertise of X-Force Red penetration testers, the service will evaluate both the back-end processes used to manage blockchain networks as well as the actual ledger environment.

With worldwide spending on blockchain solutions expected to reach $9.7 billion by 2021, IBM says, the number of blockchain implementations will likely grow exponentially across all industries. 

At the same time, the benefit of the network effect inherent to blockchain networks means they include broad, decentralized ecosystems of organizations.

This, in turn, offers different attack vectors than traditional applications and creates opportunities for cybercriminals seeking to manipulate or monetize the data being shared on the blockchain.

IBM X-Force Red is seeing that 70% of solutions that incorporate blockchain rely on traditional technologies for backend processes such as authentication, data processing and application programming interfaces (API).

X-Force Red is comprised of hackers who can break into blockchain networks using the same tools, techniques, practices and mindsets as criminals would use. Through vulnerability assessments, vulnerability management programs, adversary simulation exercises, and manual penetration testing, X-Force Red can help organizations identify and fix vulnerabilities before criminals find them. 

The X-Force Red Blockchain Testing service will evaluate the entire implementation, including chain code, public key infrastructure and hyperledgers. X-Force Red will also test back-end processes, applications and physical hardware used to control access and manage blockchain networks.

"While blockchain is a breakthrough for protecting the integrity of data, that does not mean the solutions that leverage it are immune from attackers, which is why security testing is essential during development and after deployment," said Charles Henderson, Global Head of IBM X-Force Red. "If we look at mobile applications, cloud computing and even personal computers—all these innovations needed to adopt policies and techniques for security after they grew in popularity. Blockchain presents businesses with an opportunity to break that trend." 

By working with the IBM Blockchain team, IBM says, X-Force Red is able to share expertise from an architectural, operational, and deployment perspective to understand the potential security risks within the technology stack supporting blockchain networks.

According to IBM, X-Force Red has changed the delivery of security testing due to the perceived gaps in security of emerging technologies such as IoT, connected cars, and now blockchain. Programmatic, scalable, and continuous security testing through the entire lifecycle of products is emerging as the best way to find vulnerabilities in a proactive fashion. Blockchain adopters will now be able to leverage the security, developer, and "attacker mindset" expertise of X-Force Red to assist throughout development and deployment.

For more information, go to