Although vulnerabilities may seem small on their own, when they’re tied together to form an attack path, they can cause significant damage. Our Red Team demonstrates how a real-world adversary might attack a system and how that system would hold up against an attack. After a Red Teaming exercise, you’ll have a better understanding of your organization’s security posture as it relates to specific threat actors attacking a set of defined assets. Most importantly you’ll know where to focus your efforts for improvement.
It’s a technique that combines information gathering, blackbox penetration testing, and social engineering. The goal is to simulate an attack, exactly how real hackers would do it. Therefore, you don’t test just your system unit, but the whole infrastructure, together, with your own employees. So the positive thing is that your IT/ IT Security Team can also test if they would be able to detect an attack. “This is one of the best ways to practice the procedure, and better yet, with trusted hackers on your side!”
Red Team exercises are conducted to practice and foster security awareness and communication between teams and identify potential deficiencies.
A Red Team exercise covers three aspects of security:
A company’s own employees are often the weakest link. We can test awareness of social engineering and physical security controls like gates, locks, sensors, etc.
Targets existing and/or planned technology assets or systems, configurations, and vulnerabilities Processes/Security Response.
What actually happens in an attack? How will your teams respond? How will they escalate and coordinate with other teams to contain the incident?
|PENETRATION TEST||RED TEAMING|
|Broad testing - Find as many vulnerabilities as possible||In-depth testing - Find the one major vulnerability to get into the system and take full advantage of it to achieve the objective|
|A short period of time||A longer period of time|
|The goal is to identify the vulnerabilities of a specific area (unit)||The goal is to test the resilience of the entire company’s defenses|
|Clearly defined scope of the project (several systems or applications)||The scope of the project is to test the entire company’s security and vulnerabilities to achieve the objective and identify aspects that could be misused|
|The IT department knows about the testing and closely cooperates with the security/pentesting company||The IT department (blue team) has no idea about the ongoing exercise|
|To test the system unit||The goal is to test the IT department’s ability to recognize and defends against any random cybersecurity attack|
|-||To test the employees’ knowledge and capability of resisting the social engineering techniques that are used today|
|-||The company’s physical security is also part of the test|
|Applications are tested according to the OWASP methodology||Is not possible to follow any methodology|
This team is composed of senior ethical hackers whose goal is to infiltrate the company in any way possible.
This is the team of professional security or infrastructure protectors. They’re usually the client’s system administrators, whose goal is to detect attacks. In order to simulate a real attack, the Blue Team doesn’t have a clue about the planned attack.
This is a small group of people from the company who ordered the Red Teaming and who are actually aware of the attack.
For more information, see also this PDF.