IBM X-Force Red Provides Collaboration Portal for Security Testing

IBM's elite penetration testing security team adds a critical tool to its portfolio to help improve security outcomes, with the new Red Portal collaboration platform.

Security Experts

IBM today is announcing the new Red Portal cloud based collaboration platform for its elite X-Force Red security team, providing new visibility and control to organizations that are using IBM's security testing services. The X-Force Red security team was first publicly announced in August 2016. The new Red Portal is welcome addition to the X-Force Red's operations. "Prior to The Red Portal, X-Force Red used static documents, email, phone calls, and sometimes on-site meetings to communicate with clients," Charles Henderson, Global Head of X-Force Red, IBM Security, told eWEEK. "The portal gives us the opportunity to turn all of these documents into living documents."

Henderson noted that while his team can certainly still drop by a client for a visit or get on the phone with a client, the power of real-time collaboration functionality is undeniable. According to Henderson, the Red Portal gives IBM Security the ability to invite its clients into the testing process and ensure that client points of contact have full visibility into the status and workings of all aspects of their security tests, security testing initiatives, and security testing programs.

In Henderson's view, security testing should be viewed as a series of journeys. The goal of the new Red Portal is to take IBM's clients from the decision of what to test, continuing through to the scheduling and execution of tests and reporting on the all results. Remediation and analytics are also key steps on the security testing journey that makes up an enterprise class testing program.

"We like to think of The Red Portal as the tour guide and virtual assistant for our client's testing program," Henderson said.

While there are no shortage of different type of collaboration tools and portal technologies in the market, the Red Portal was purpose built by IBM, to meet the needs of its X-Force Red clients.

"While we looked at existing packages, we wanted to build something that was unencumbered by legacy dependencies," Henderson said. "By building something, we ensured that we were not boxed in by existing limitations."

From a security testing perspective, the Red Portal enables IBM's clients to actually initiate a number of different security tests directly from the portal. Henderson explained that the status of the tests will be available immediately to the clients, with updates in real-time as tasks are assigned, completed, or moved from one phase to another.

"X-Force Red is able to test virtually any type of target and offers various testing depths ranging from entirely manual deep dive testing to more cost effective tool assisted testing," he said.

While testing provides insights into area of weakness that need to be fixed, there is also typically a need to integrate with development platforms that enable organizations to fix code as well. Henderson said that IBM realizes that organizations have a large array of tools that they use in their development and security programs.

"We have committed ourselves to developing integration points with as many of these tools as possible," Henderson said. "Whether a client needs the ability to integrate with a development issue tracking software or a SIEM or MSS tool, we will work to support their needs."

IBM is now offering the Red Portal collaborative project management tool to all X-Force Red clients at no additional cost.

"In fact, the transparency and reporting features of The Red Portal can reduce the amount of time and communication required to complete on-demand testing project," Henderson said. "Communication and collaboration is important for our testers as well as our clients."

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.