Las Vegas, NV, USA - July 24, 2017 - IBM (NYSE: IBM) Security today announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT). The new services will be delivered via an elite team of IBM X-Force Red researchers focused on testing backend processes, apps and physical hardware used to control access and management of smart systems. The new IoT services will be delivered alongside the Watson IoT Platform to provide security services by design to organizations developing IoT solutions for all industries.
|
Photo courtesy of IBM security / GM OnStar Remote Link |
|
Las Vegas, NV, USA - July 24, 2017
• IBM Security Testing Group Expands with Notable Industry Hires and New Investments in Tools
IBM (NYSE: IBM) Security today announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT).
The new services will be delivered via an elite team of IBM X-Force Red researchers focused on testing backend processes, apps and physical hardware used to control access and management of smart systems.
|
Photo courtesy of IBM security / GM OnStar Remote Link |
|
The new IoT services will be delivered alongside the Watson IoT Platform to provide security services by design to organizations developing IoT solutions for all industries.
https://www.ibm.com/internet-of-things/platform/iot-security/
|
Photo courtesy of IBM security / GM OnStar Remote Link |
|
With 58% of organizations testing their IoT applications only during the production phase, the potential for introducing vulnerabilities into existing systems remains unacceptably high.
The Watson IoT Platform provides configuration and management of IoT environments, and the IBM X-Force Red services bring an added layer of security and penetration testing.
|
Photo courtesy of IBM security |
|
IBM X-Force Red marked its first-year anniversary with the addition of security specialists such as Cris Thomas (aka Space Rogue) and Dustin Heywood (aka Evil_Mog with Team Hashcat), who add to the team’s impressive roster of talent globally.
https://twitter.com/spacerog
https://twitter.com/Evil_Mog
|
Cris Thomas (aka Space Rogue)
Photo courtesy of IBM security |
|
To further optimize their engagements, IBM X-Force Red has also built a password cracker called “Cracken” designed to help clients improve password hygiene.
|
Dustin Heywood (aka Evil_Mog with Team Hashcat)
Photo courtesy of IBM security |
|
“Over the past year, we’ve seen security testing further emerge as a key component in clients’ security programs,” said Charles Henderson, Global Head of IBM X-Force Red.
“Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients’ best defense.”
|
Gary Meshell
Photo courtesy of IBM security |
|
Connected Car Security is a Global Priority
Gartner estimates that the production of new automobiles equipped with data connectivity, either through a built-in communications module or by a tether to a mobile device, is forecast to reach to 61 million in 2020.
|
Photo courtesy of IBM security |
|
With the current and future challenges in mind, IBM X-Force Red created an automotive practice dedicated to helping clients secure hardware, networks, applications, and human interactions.
IBM X-Force Red worked with more than a dozen automotive manufacturers and third-party automotive suppliers to build expertise and programmatic penetration testing and consulting services.
|
Photo courtesy of IBM security |
|
The formation of the automotive practice aims to help to shape and share industry best practices and standardize security protocols.
The new automotive practice is also applying some of the findings from research disclosed by IBM X-Force Red early this year that notified consumers and the automotive industry of security pitfalls inherent in connected cars.
https://www.consumerreports.org/privacy/privacy-threat-in-your-used-car/
http://blog.caranddriver.com/is-your-connected-car-at-risk-previous-owners-may-still-have-access/
|
Photo courtesy of IBM security / GM OnStar Remote Link |
|
The research looked at the insecure transfer of ownership between owners of some connected cars, which may create an opportunity for a malicious takeover of the functions of the vehicle, such as locking and unlocking of doors, remote start, light and horn control, and the ability to geo-locate the current owner through a mobile app.
|
Photo courtesy of IBM security |
|
When these findings were revealed at RSA 2017, Henderson and IBM X-Force Red also disclosed that these security loopholes were also identified across four major auto manufacturers.
The interconnected components and systems in a modern vehicle can number in the hundreds or thousands, each with their own security controls and vulnerabilities.
|
Photo courtesy of IBM security |
|
As these components are combined and connected to mobile applications and external servers, the total amount of potential vulnerabilities for the vehicle climbs above the sum vulnerabilities of its parts.
With this in mind, IBM X-Force Red performs discrete security testing of the components and solution-based security testing for the complete system of the vehicle.
Watson IoT Platform and IBM X-Force Red
Gartner forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020.
|
Five indisputable facts about IoT security (1/2).
Courtesy of IBM security |
|
While the insights gained from IoT data help drive revenue streams and forge lasting customer relationships, demand and shortened production cycles often leads to rushed or non-existent security testing for these new products and services.
IBM X-Force Red has changed the delivery of security testing due to the perceived gaps in security of emerging technologies such as IoT and connected cars.
|
Five indisputable facts about IoT security (2/2).
Courtesy of IBM security |
|
Programmatic and on-demand security testing through the entire lifecycle of the products is emerging as the best way to find vulnerabilities in a proactive fashion.
Watson IoT Platform customers will now be able to leverage the security expertise of IBM X-Force Red to assist throughout development and deployment.
|
Photo courtesy of IBM security |
|
“It’s not just about the technology, it is also about the global reach, investment, and collaborative approach which make IBM a trusted IoT partner for enterprise IoT solutions,” said James Murphy, Offering Manager, IBM Watson IoT Platform.
“With IoT technologies permeating the farthest corners of industry, IBM is bringing our Watson IoT Platform and X-Force Red security talent together to address present and future concerns.”
|
Photo courtesy of IBM security |
|
The Watson IoT Platform approach is security by design, with security controls built-in, delivered as a cloud-based service with industry-recognized ISO27001 compliance.
https://developer.ibm.com/iotplatform/2016/09/01/secure-your-iot/
|
Photo courtesy of IBM security |
|
The Watson IoT Platform also has advanced security IoT service capabilities that extend Watson IoT Platform with Threat Intelligence for IoT.
These features help customers visualize critical risks in the IoT landscape and create policy-driven automations to help prioritize operational responses for IoT incidents.
|
Photo courtesy of IBM security |
|
The skills and experience of the X-Force Red team alongside the Watson IoT Platform provide the vital components to help get clients off to the right start from design all the way through to go-live of their IoT solution.
Investing in Infrastructure
In February 2017, IBM X-Force launched The Red Portal, a cloud-based collaboration platform for clients and security professionals that presents an end-to-end view of security testing programs.
https://www.ibm.com/security/services/penetration-testing/demo/
https://securityintelligence.com/the-red-portal-ibm-x-force-reds-collaborative-client-experience/
|
IBM Z
Photo courtesy of IBM |
|
Clients can view real-time testing project milestones, vulnerabilities across all assets, reports of findings and the overall status of their managed testing program.
The Red Portal centralizes and streamlines all communications with X-Force Red and provides a way to begin remediation immediately on the most critical items.
|
Photo courtesy of IBM security |
|
At this year’s Black Hat conference, X-Force Red will unveil the newest weapon in their arsenal.
Cracken is a dedicated password-cracking cluster used by X-Force Red during penetration tests and security assessments.
|
Photo courtesy of IBM security |
|
To illustrate the importance of password length and complexity, X-Force Red will let attendees test passwords against Cracken at Booth #616 during Black Hat USA 2017.
IBM X-Force Red at Black Hat 2017 and DEF CON 2017
Charles Henderson, Global Head of IBM X-Force Red, will present his discussion of real-life penetration testing, “Better Than Mr. Robot” at Black Hat USA 2017.
https://securityintelligence.com/events/black-hat-usa-2017/
The session will be held in Business Hall Theater B, Mandalay Bay on Thursday, July 27 from 11:00-11:50 a.m. PT.
Chris Thompson, Red Team Ops Lead, IBM X-Force Red, will present his demonstration of advanced Red Team tactics, “MS Just Gave the Blue Team Tactical Nukes (and How Red Teams Need to Adapt)” at DEF CON 25.
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Thompson
The demo will be held in the 101 Track on Saturday, July 30 from 3:00-3:45 p.m. PT.
X-Force Red and other IBM Security experts will demonstrate the latest offerings at Booth #616, Level 1 Business Hall, Mandalay Bay on July 26 & 27.
https://securityintelligence.com/events/black-hat-usa-2017/
|
Photo courtesy of IBM security |
|
About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services.
The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats.
IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and has been granted more than 3,000 security patents worldwide.
For more information, please check www.ibm.com/security
follow @ibmsecurity on Twitter
https://twitter.com/ibmsecurity
or visit the IBM Security Intelligence blog.
http://securityintelligence.com/
Contact information
Dillon Townsel
IBM Media Relations, Security
1 (512) 571-3455
dillon.townsel@ibm.com
Source: IBM
http://www-03.ibm.com/press/us/en/pressreleases/recent.wss
ASTROMAN Magazine - 2017.07.18
IBM Mainframe Ushers in New Era of Data Protection
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2298
ASTROMAN Magazine - 2017.06.23
IBM Advances Unified Governance, Data Science to Give Global Organizations Deeper Insights to Manage GDPR Readiness
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2282
ASTROMAN Magazine - 2017.06.21
IBM Opens European X-Force Command Center in Poland
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2281
ASTROMAN Magazine - 2017.06.16
VivaTech 2017: Startups to Showcase New AI-based Solutions Built with IBM Watson
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2278
ASTROMAN Magazine - 2017.06.14
IBM Integrates with BMW CarData to Enable New and Innovative Services for Drivers
http://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2276
ASTROMAN Magazine - 2017.05.03
Lufthansa Group Creates a Better Travel Experience with IBM MobileFirst for iOS
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2237
ASTROMAN Magazine - 2016.11.26
IBM Security Offers Tips To Shop Safely on Cyber Monday
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2162
ASTROMAN Magazine - 2016.10.01
Amazon, DeepMind/Google, Facebook, IBM and Microsoft Establish Partnership on Artificial Intelligence Best Practices
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2131
ASTROMAN Magazine - 2016.10.01
IBM Unveils Industry’s First Platform to Integrate All Data Types for AI-Powered Decision-Making
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2130
ASTROMAN Magazine - 2016.09.16
IBM and Bank of Tokyo-Mitsubishi UFJ to Use Blockchain For Contract Management between the Two Companies
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2120
ASTROMAN Magazine - 2016.09.03
IFA 2016: IBM Watson Powers Wave of Innovation in Consumer Electronics
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2115
ASTROMAN Magazine - 2016.08.14
IBM: 21 Hospitals Across China to Adopt Watson for Oncology to Help Physicians Personalize Cancer Care
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2104
ASTROMAN Magazine - 2016.07.30
VU University Medical Center Amsterdam Collaborates with IBM to Enhance Communication between Healthcare Professionals with Analytics
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2096
ASTROMAN Magazine - 2016.02.14
IBM Achieves Highest U.S. Defense Information Systems Agency Authorization for Cloud Services
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=2024
ASTROMAN Magazine - 2015.11.27
IBM's Watson Predicts the Top Products and Trends for Black Friday
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1997
ASTROMAN Magazine - 2015.11.15
Boston Children's Hospital to Tap IBM Watson to Tackle Rare Pediatric Diseases
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1992
ASTROMAN Magazine - 2015.08.29
IBM and GENCI Team to Drive Supercomputing Closer to Exascale
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1952
ASTROMAN Magazine - 2015.08.09
IBM: Watson to Gain Ability to "See" with Planned USD1 Billion Acquisition of Merge Healthcare
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1946
ASTROMAN Magazine - 2015.07.11
IBM Research Alliance Produces Industry's First 7nm Node Test Chips
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1936
ASTROMAN Magazine - 2015.06.27
IBM Research: Internet of Things Turning New York's Lake George into "World's Smartest Lake”
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1932
ASTROMAN Magazine - 2015.05.31
Doctor Evidence Brings Valuable Health Data to IBM Watson Ecosystem
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1923
ASTROMAN Magazine - 2015.05.02
Japan Post Group, IBM and Apple Deliver iPads and Custom Apps to Connect Elderly in Japan to Services, Family and Community
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1913
ASTROMAN Magazine - 2015.03.22
IBM Invests in Modernizing Medicine to Accelerate Adoption of Watson Technologies in Healthcare
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1893
ASTROMAN Magazine - 2015.02.22
IBM Studio Opens in London to Transform the Client Experience
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1876
ASTROMAN Magazine - 2015.01.19
IBM Launches z13 Mainframe - Most Powerful and Secure System Ever Built
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1863
ASTROMAN Magazine - 2014.12.24
IBM Named a Worldwide Leader in IDC MarketScape for Mobile Application Development and Testing Consulting Services
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1852
ASTROMAN Magazine - 2014.08.30
IBM Watson Ushers in a New Era of Data-Driven Discoveries
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1783
ASTROMAN Magazine - 2013.11.16
IBM Watson's Next Venture: Fueling New Era of Cognitive Apps Built in the Cloud by Developers
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1587
ASTROMAN Magazine – 2012.03.03
IBM Forms Watson Healthcare Advisory Board
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=1191
ASTROMAN Magazine – 2011.02.20
IBM to Collaborate with Nuance to Apply IBM's "Watson" Analytics Technology to Healthcare
https://www.astroman.com.pl/index.php?mod=magazine&a=read&id=899
Editor-in-Chief of ASTROMAN magazine: Roman Wojtala, Ph.D.
|