Story image

IBM X-Force takes on IoT security across connected devices - and vehicles

26 Jul 17

IBM X-Force researchers are tacking on vehicle and IoT security as part of a new initiative by IBM Security. Researchers will focus on testing back end processes, apps and physical hardware which accesses and managed smart systems.

The new, specialised practice is the company’s pre-emptive response to a booming market for data connectivity in vehicles, which Gartner expects will reach 61 million by 2020.

Earlier this year X-Force researchers discovered major security holes in connected cars. Some cars insecurely transferred ownership between owners, which can create gateways to malicious vehicle takeovers such as door locks, remote starting and being able to track the current owner through a mobile app.

Global head of IBM X-Force Red, Charles Henderson, says security testing is becoming a key component in clients’ security programs.

X-Force researchers worked with more than 12 vehicle manufacturers and third-party automotive suppliers to build expertise and programmatic penetration and consulting services. IBM Security says that by forming this process, it will pave the way for shaping industry best practices and standardising security protocols.

X-Force researchers will also be applying security to IoT security as a whole. The services will be delivered alongside the Watson IoT platform to provide custom-designed security services to firms developing IoT solutions across all industries.

Gartner predicts that 8.4 billion connected things will be used worldwide this year, and will reach 20.4 billion by 2020.

“Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients’ best defence,” Henderson adds.

By applying IBM X-Force to the Watson platform, the company says that security testing through an entire IoT device’s lifecycle can be the best way to find vulnerabilities in a proactive fashion.

So far the cloud platform is ‘security by design’ that has built-in security controls and delivered as a cloud-based service. 

IBM Watson IoT Platform offering manager James Murphy says it’s a combination of reach, investment, collaboration and security that helps position the company as a trusted IoT partner.

“With IoT technologies permeating the farthest corners of industry, IBM is bringing our Watson IoT Platform and X-Force Red security talent together to address present and future concerns.”

Earlier this year IBM X-Force also released a cloud-based collaboration platform for security professionals and clients, named ‘The Red Portal’. The platform provides an end-to-end view of security testing programs. The firm also created its own password cracker, named ‘Cracken’, designed to help clients improve their password hygiene.

X-Force marked its first-year of operation by bringing security specialists Cris Thomas and Dustin Heywood to further its in-house talent. 

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.