Security Randori Recon Randori Attack Targeted IBM X-Force Attack Targeted Services
Improve cyber resilience and demonstrate the ROI of existing security investments with continuous automated red teaming
No-Cost X-Force Consultation Watch the overview video (2:10)
Illustration of skyscrapers surrounded by circles with red alert symbols above 3
Extend attack surface management with continuous automated red teaming

One- third of attackable network assets are unmanaged or unknown—offering easy targets for attackers and risking unintended data exposure. The challenge of keeping this data safe is only growing as businesses quickly expand through acquisitions and make internal systems externally accessible on the cloud to remote workers. Adversaries are taking advantage of this increased rate of change, decreasing their time to attack from months to days.

IBM X-Force Randori Attack Targeted Services allows you to test, validate and improve your security posture continuously. These services extend the benefits of attack surface management by adding objective-driven campaigns and after-action reporting. IBM establishes an ethical red team tailored to your objectives while top cybersecurity experts from diverse backgrounds help provide flexible and comprehensive security assessments. Every month, this service provides 1-week of human-led exercises to simulate targeted threat actors. They focus on your organization’s high-value assets attempting to bypass existing defensive measures and identifying gaps.

For the rest of the month, the operator engages in a full-scale recon mission—sifting through data, pinpointing vulnerabilities, and strategizing for defense. These insights aim to help bolster your security to prevent, detect, and respond to real-world attack techniques.

Estimate total cost of subscription
Why X-Force Attack Targeted Forrester Consulting recently conducted a Total Economic Impact™ (TEI) study of IBM Security Randori. The 2023 IBM-commissioned study found several benefits, including: Read the Forrester TEI study 30%

30% reduction in time to triage exposures for remediation.*


90% reduction in exposure analysis efforts.*



Labor savings of up to 75% from augmented red team activities.*


Benefits Clarify your cyber risk

Shift your organizational mindset from find-and-fix to proactive resilience by testing your security program (people, processes, and technologies).

Validate your security at scale

Outpace change by using iterative and continuous validation that targets your security blind spots.

Extend your security expertise

Reduce resource constraints and amplify your team expertise with IBM X-Force’s ethical red team tailored to your objectives. 


Risk-based prioritization Use the patent-pending algorithm to calculate adversarial temptation, business context and a common vulnerability scoring system (CVSS) severity to prioritize risk based on impact.

Automated runbooks Conduct red teaming at scale by mapping to authorized assets for validation. Tailor automated runbooks to target your desired organizational objective.
Remediation guidance Use in-product guidance and detailed write-ups of strategies to help reduce your overall exposure.

Monthly finding reports View the executive report produced by the Randori Hacker Operations Center to quickly understand findings and your current security posture.

Use cases
Continuous security validation Maintain the effectiveness of your cybersecurity measures and practices by continuously assessing and validating the security controls, configurations and policies in place to protect your digital assets, data and systems. Learn more

Continuous threat exposure management Proactively and systematically manage your organization's exposure to various cyber threats and vulnerabilities. Understand your organization's risk landscape and take measures for risk management and mitigation over time. Learn more

Using Randori has helped me understand how much risk I am willing to accept. It has completely changed my mindset on how we should do security. John Shaffer CIO Greenhill & Co. Read how Greenhill continually strengthens its defenses against cyberattacks
Resources IBM X-Force Attack Targeted Services data sheet

Learn how you can extend the benefits of attack surface management with continuous automated red teaming. Clarify your cyber risk, validate your security at scale, and extend your security expertise with comprehensive security assessments.

IBM X-Force Overview

Understand gaps in defensive strategies by simulating advanced attack techniques favored by criminals.

IBM X-Force Red Adversary Simulation Overview

Find detailed information on how our expert team of hackers, responders, researchers, and analysts use offensive and defensive strategies powered by cutting-edge threat intelligence to help your organization prevent, detect, respond to, and recover from cybersecurity incidents.

Related services X-Force Red Offensive Security Services

IBM X-Force Red uses the same tactics, tools, techniques and mindsets as attackers to uncover and help organizations fix those vulnerabilities. We can help you stay ahead of attackers and protect your most valuable data.

X-Force® Red Adversary Simulation Services

Explore to learn how adversary simulation services can help test, measure, and improve detection and response capabilities.

IBM X-Force Cyber Range

Create immersive simulations to guide your team through realistic breach scenarios, helping ensure you can respond and recover from enterprise-level cyber security incidents, manage vulnerabilities, and build a stronger security culture in your organization.

Take the next step

Take control of your attack surfacesecurity landscape today. Schedule a discovery briefing with our X-Force team to discuss your security challenges.

Schedule your 1:1 briefing Get a price estimate

The Total Economic ImpactTM of IBM Security Randori is a commissioned study conducted by Forrester Consulting on behalf of IBM, June 2023. Based on projected results of a composite organization modeled from 4 interviewed IBM customers. Actual results will vary based on client configurations and conditions and, therefore, generally expected results cannot be provided.