IBM Security has announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT).
The new services will be delivered via what the company calls an elite team of IBM X-Force Red researchers focused on testing backend processes, apps and physical hardware used to control access and management of smart systems.
The new IoT services will be delivered alongside the Watson IoT Platform to provide security services by design to organisations developing IoT solutions for all industries. IBM says that, with 58% of organisations testing their IoT applications only during the production phase, the potential for introducing vulnerabilities into existing systems remains “unacceptably high”. The Watson IoT Platform provides configuration and management of IoT environments, and the IBM X-Force Red services bring an added layer of security and penetration testing.
To further optimise their engagements, IBM X-Force Red has also built a password cracker called “Cracken” designed to help clients improve password hygiene.
“Over the past year, we’ve seen security testing further emerge as a key component in clients’ security programs,” said Charles Henderson, Global Head of IBM X-Force Red. “Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offence our clients’ best defence.”
Gartner estimates that the production of new vehicles equipped with data connectivity, either through a built-in communications module or by a tether to a mobile device, is forecast to reach to 61 million in 2020. With the current and future challenges in mind, IBM X-Force Red says it created an automotive practice dedicated to helping clients secure hardware, networks, applications, and human interactions.
IBM X-Force Red adds that it worked with more than a dozen automotive manufacturers and third-party automotive suppliers to build expertise and programmatic penetration testing and consulting services. The formation of the automotive practice aims to help to shape and share industry best practices and standardise security protocols.