Overview
Just because your software sits inside a piece of hardware does not mean it is secure. Exploitable hardware vulnerabilities, especially in “legacy” hardware as little as three years old, can expose the connected software and entire infrastructure. While some manufacturers of hardware and Internet of Things (IoT) devices apply regular updates, many do not, which can expose the hardware to an attacker.
Benefits
Reduce risk of a hardware compromise
X-Force® Red can reverse engineer your devices to find vulnerabilities during development, and assess source code and network communications.
Leverage an attacker’s mindset
Assess device components, communications methods, modules, operating systems, chips and technical touchpoints to see how an attacker might leverage vulnerabilities to compromise your environment.
Protect brand reputation and customer trust
X-Force Red provides reporting and remediation recommendations based on design constraint realities, so you can build security in before devices are used by customers.
Three flexible models
Ad-hoc testing
Smaller project with explicit scope, using IBM hackers, and you own the testing program.
Subscription program
Fixed monthly costs. No charges for overtime or test changes. Unused funds carry over.
Managed service
Predictable monthly budgets. We handle scope, schedules, testing and reporting.
Related hardware testing services
IoT, IoMT and OT testing
IoT, IoMT and OT testing
Despite their innovation, many IoT, operational technology (OT) and Internet of Medical Things (IoMT) devices and backend systems are not designed with security in mind. Because taking these devices offline could be catastrophic, testing is critical.
Industrial control systems testing
Industrial control systems testing
Industrial control systems (ICS) technology — such as supervisory control and data acquisition (SCADA) or distributed control systems (DCS) — is used in critical infrastructure organizations with highly complex, integrated environments. It can be challenging to find and remediate vulnerabilities, especially for IT staff managing security.
Automotive testing
Automotive testing
X-Force Red automotive testing is a team of engineers and automotive enthusiasts are also security experts. They can test suppliers’ vehicle components, the integration of those components, and the vehicle’s entire connected ecosystem, from applications to Wi-Fi connectivity and more.
ATM testing
ATM testing
Find and fix physical hardware and software vulnerabilities within your bank’s ATMs and connected infrastructure with X-Force Red seasoned penetration testers. After identifying ATM vulnerabilities, the team works with you on a remediation plan to protect your customers’ sensitive financial data.
Application testing
Application testing
With the proliferation of IoT devices, mobile applications, cloud adoption, microservices and web applications, the number of applications you need to test can easily run into the hundreds.
Cloud testing
Cloud testing
X-Force Red cloud testing uncovers and helps fix critical vulnerabilities exposing your most important hybrid cloud-based assets — such as containers, images, operating systems, applications and developers — during cloud migrations and beyond.
Explore the X-Force Red portal
Centrally manage your testing program and budget. Simplify the way you digest your penetration testing data with prioritized findings and remediation recommendations. Schedule tests based on your preferred timeframe and access current and past report findings, evidence and remediation recommendations in one place.
Resources
Latest on security testing
Read about security services, recent research and managed security services best practices.
Penetration testing demo
Get an inside look at the X-Force Red portal and learn how to manage penetration testing.