Overview

Just because your software sits inside a piece of hardware does not mean it is secure. Exploitable hardware vulnerabilities, especially in “legacy” hardware as little as three years old, can expose the connected software and entire infrastructure. While some manufacturers of hardware and Internet of Things (IoT) devices apply regular updates, many do not, which can expose the hardware to an attacker.

graphic shield with red outline

Benefits

Reduce risk of a hardware compromise

X-Force® Red can reverse engineer your devices to find vulnerabilities during development, and assess source code and network communications.

Leverage an attacker’s mindset

Assess device components, communications methods, modules, operating systems, chips and technical touchpoints to see how an attacker might leverage vulnerabilities to compromise your environment.

Protect brand reputation and customer trust

X-Force Red provides reporting and remediation recommendations based on design constraint realities, so you can build security in before devices are used by customers.

Three flexible models

Ad-hoc testing

Smaller project with explicit scope, using IBM hackers, and you own the testing program.

Subscription program

Fixed monthly costs. No charges for overtime or test changes. Unused funds carry over.

Managed service

Predictable monthly budgets. We handle scope, schedules, testing and reporting.

Related hardware testing services

IoT, IoMT and OT testing

man viewing a band of monitor screens

IoT, IoMT and OT testing

Despite their innovation, many IoT, operational technology (OT) and Internet of Medical Things (IoMT) devices and backend systems are not designed with security in mind. Because taking these devices offline could be catastrophic, testing is critical.

Industrial control systems testing

man viewing laptop in modern factory

Industrial control systems testing

Industrial control systems (ICS) technology — such as supervisory control and data acquisition (SCADA) or distributed control systems (DCS) — is used in critical infrastructure organizations with highly complex, integrated environments. It can be challenging to find and remediate vulnerabilities, especially for IT staff managing security.

Automotive testing

overhead view of modern traffic bridge

Automotive testing

X-Force Red automotive testing is a team of engineers and automotive enthusiasts are also security experts. They can test suppliers’ vehicle components, the integration of those components, and the vehicle’s entire connected ecosystem, from applications to Wi-Fi connectivity and more.

ATM testing

person using atm

ATM testing

Find and fix physical hardware and software vulnerabilities within your bank’s ATMs and connected infrastructure with X-Force Red seasoned penetration testers. After identifying ATM vulnerabilities, the team works with you on a remediation plan to protect your customers’ sensitive financial data.

Application testing

man in office viewing monitors and smartphone

Application testing

With the proliferation of IoT devices, mobile applications, cloud adoption, microservices and web applications, the number of applications you need to test can easily run into the hundreds.

Cloud testing

man working in server room

Cloud testing

X-Force Red cloud testing uncovers and helps fix critical vulnerabilities exposing your most important hybrid cloud-based assets — such as containers, images, operating systems, applications and developers — during cloud migrations and beyond.

Explore the X-Force Red portal

Centrally manage your testing program and budget. Simplify the way you digest your penetration testing data with prioritized findings and remediation recommendations. Schedule tests based on your preferred timeframe and access current and past report findings, evidence and remediation recommendations in one place.

laptop showing screenshot of x-force red interface

Resources

Latest on security testing

Read about security services, recent research and managed security services best practices.

Penetration testing demo

Get an inside look at the X-Force Red portal and learn how to manage penetration testing.