A programmatic approach

X-Force® Red is an autonomous team of veteran hackers, within IBM Security, hired to break into organizations and uncover risky vulnerabilities that criminal attackers may use for personal gain. X-Force Red offers penetration testing and vulnerability management programs to help security leaders identify and remediate security flaws covering their entire digital and physical ecosystem.

X-Force Red can do whatever criminal hackers can do, but with the goal of helping security leaders harden their defenses and protect their most important assets.

Watch the “Defending against cyberattacks” video (1:16)

IBM X-Force Red logo

Find and fix your most critical known and unknown vulnerabilities

Test your applications, network, hardware, personnel and more

With X-Force Red’s "think like a criminal" mentality, our hackers uncover and help fix security vulnerabilities across your infrastructure

Learn about penetration testing

Test your ATMs and connected cars

X-Force Red has testing services for ATMs and automotive

Learn about automotive testing

Learn about ATM testing

Test your IoT solutions

Inside our global X-Force Red Labs or at a location of your choice, our hackers can test your IoT, IIoT, and OT technologies during design and beyond

Learn about IoT testing

Learn about Industrial Control Systems testing

Rank and remediate vulnerabilities targeting your most important assets

Prioritize vulnerabilities within minutes

Automated vulnerability ranking based on whether or not the vulnerability is being weaponized by criminals and the importance of the exposed asset

Learn about Vulnerability Management Services

Reduce false positives

X-Force Red validates identified vulnerabilities, weeding out false positives

Read the white paper

Risk-based remediation 

X-Force Red facilitates concurrent remediation so that the most critical vulnerabilities are fixed first without overburdening your busy staff

Read the white paper (480 KB)

Test and measure your security team's response

a satellite dish in contrast with clouds in a sky

Simulate attacks

X-Force Red simulates a full-scale attack to measure how well your "blue teams" and security controls detect and respond

an illustration of a radar

Discover new attack methodologies

X-Force Red Adversary Simulation exercises incorporate the same stealthy techniques as criminals and new ones that criminals have not yet tried

Identify missed attacks and harden your defenses

X-Force Red compares its findings with your blue team’s, identifies missed attacks and provides recommendations to harden your defenses 

Learn more about X-Force Red Adversary Simulation

Why X-Force Red is unique

Meet our hackers

Get to know our hackers and the innovative work they do to help organizations strengthen security and minimize risk

Meet the team

The X-Force Red portal

Create and manage an offensive security testing program using our cloud-based collaboration and communication platform

See the demo

Breadth of portfolio 

X-Force Red can test networks, applications, hardware, personnel, devices, ATMs, airplanes, cars and much more

Read the white paper

Resources

Hack attack

Our hackers performed attacker reconnaissance against a chief information security officer. Find out what they discovered.

Watch the webcast

International advertising company

Protecting advertising displays from attacks with IBM X-Force Red Penetration Testing

Read the case study

Global automotive manufacturer

Testing its aftermarket car plug-in solution enabled this manufacturer to identify and fix security vulnerabilities during design

Read the case study