Social engineering is one of the most common attack methods used by criminals to trick employees into downloading malware, using realistic pretexts to pave the way to a security compromise.
Social engineering templates from an outside vendor, built internally, require more work for your security team and only enable basic-level attacks. Typically, the templates do not include attacker reconnaissance, for example, which is often a key part of an attacker’s strategy.
IBM Security™ X-Force® Red social engineers are able to physically compromise companies in 99% of all engagements. Find out if your employees or executives would fall for an advanced social engineering attack like spear phishing.
At least half of USB drives dropped by X-Force Red social engineers are opened. Discover how your employees would respond to an attack, and if device policies and training lead them to follow reporting guidelines.
The click rate for opening malicious emails is still typically about 30%. Discover where your company is vulnerable and remediate flaws to prevent a real attacker from succeeding.
At the beginning of every engagement, X-Force Red hackers meet with customers to understand their objectives, present various attack scenarios, develop a game plan and set goals.
X-Force Red performs extensive open-source intelligence (OSINT) gathering to uncover publicly available data about targets that could be used to compromise an organization, person or facility. Using that intelligence, our hackers identify hosts, configuration files, open ports and other detailed technical information available on external websites, torrents and forums. The team also researches the dark web, social media platforms and search engines.
For physical engagements, X-Force Red develops a tiered program based on a low, medium and high risk of getting caught. The team aims to complete as many of the defined goals as possible within the two-week period.
For projects with an explicit scope and a small number of tests. Uses X-Force Red hackers, but you retain ownership of the testing.
Fixed monthly costs for an ongoing testing program. No charges for overtime or to change testing targets. Conveniently manage your tests and budget in one place through the Red Portal or schedule tests directly with your X-Force Red program manager. Unused funds carry over to the next contract year.
Set predictable monthly budgets. With X-Force Red as your strategic partner, we handle the scoping, scheduling, testing and reporting.