When it comes to sporting events, the colors you wear reflect your team loyalties. With cybersecurity, for any organization that wants to understand its technology, human, and physical asset vulnerabilities, there’s really only one team to root for — the red one.
Since you already have a red team operations partner in mind, we’ll assume for the purpose of this article that you have an understanding of what red teaming involves (but if not, get a crash course on red teaming here). For good measure, a quick refresher: we describe red teaming as an attack simulation built to test an organization’s assumptions from an adversarial perspective. This attack simulation aims to identify risks and vulnerabilities related to your technology, people, and physical premises through focused attempts, mirroring a real malicious attack.
5 Questions To Ask Before Beginning Red Team Operations
That’s a lot of things to be testing, right? Well, that leads us to the first thing to discuss with your security partner before the red team operation gets underway.
1. What are your objectives?
Think about the many testing subcategories that could fall under the three main areas we just identified:
- Technology runs the gamut from networks, applications, routers and switches to appliances, IoT, software and more.
- People can include your staff as well as independent contractors, business partners, etc.
- Physical is not only your offices, but also any related warehouses, substations, data centers, buildings, etc.
Your red teaming objectives in these areas should be derived from a combination of factors, including your assets (see list item #2), threat actors (see item #3), business context (unique things your business or industry cares about) and more.
Understanding the difference between penetration testing and red teaming is important too.
2. What are your specific assets and flags?
In an initial meeting with your red team partner, you’ll want to provide information about your high-value assets and flags. The more information you can provide, clearly communicated, the less time your partner needs to spend determining the true scope of your network and systems and the red teaming methodology to follow, which helps your business get the most for its money.
Comprehensive testing will identify vulnerabilities at all attack levels. However, red teamers can often accomplish more in the agreed-upon time frame if they have a full picture of the types of assets involved. This might include:
- Intellectual property
- Classified information
- Access credentials
- Financial information (or actual funds or cash equivalents)
- Personal identifying information
- Control systems access
- Sensitive information that could be damaging to a person, brand or business reputation.
- Physical assets (computers, servers, hard copies of documents, etc.)
The better able you are to describe and even quantify your testing environment, the more accurate and specific we can be.
Download our convenient printable version of this list to facilitate talking points and make for easy note-taking.
3. Who are the threat actors?
Red team scenarios seek to mimic the actions of true adversaries to help your business address issues, better prepare responses, and improve training efforts. To make the “attack” effective, testers need to understand who might be targeting your business. For instance, are you more likely at risk of a broad-based attack, where cyber criminals are taking a scattershot approach to find any entry point to something valuable? Or, are you going to be specifically targeted by sophisticated actors who have a particular goal and deep motivation to reach that objective?
Aiming to identify and understand the motivations of the bad actors who might attack can help red teamers to determine what types of tactics, techniques, and procedures are most likely to be used and, in turn, determine the appropriate red team scenarios to employ. Anticipating the level of organization, depth of resources, and passion to succeed, can help determine the red teaming activities necessary. And if you don’t know your threat actors? That’s something your red team partner can help you think through.
4. Have you ever done red teaming before?
Knowing whether you have done this type of testing before helps red teamers anticipate what they might encounter. For instance, it helps to know if your employees have been through this type of engagement before. Past red team findings and remediation efforts would also be useful to share. Additionally, you’re more likely to know your appetite for risk, which can help you and your red team partner make smart choices about level of testing, techniques, and procedures.
Of course, there’s nothing wrong with never having done red teaming before. We’re glad you’ve decided to join the party. Nevertheless, you may want to familiarize yourself with what to expect and how to prepare for an engagement with RedTeam.
5. Do you have any armed guards or other potentially dangerous assets your testers may run into?
Just as red teaming is about being proactive in the face of cyber threats, take the necessary steps in advance to ensure the safety of everyone involved. If there’s a fierce guard dog at a warehouse, it’s a good idea to let your partner know. Certainly, if there are armed guards the team might surprise when attempting to access the physical premises, that’s need-to-know information too.
Additionally, while you don’t want to tell everyone at your organization about the red teaming before it happens (that can undermine the reliability of results as your team may be more on guard than normal), there has to be someone on your team that is an always-available point of contact. Yes, that means 24/7, for the duration. Having someone on the inside, aware of the engagement, authorized to act can help ensure any issues are quickly resolved.
Ready to have this conversation with your red team operations partner? Download our handy printable version of this list to facilitate talking points and make for easy note-taking.
RedTeam Security provides its cybersecurity expertise to organizations in a range of industries, including healthcare, finance, critical infrastructure, commerce and more. Our red team engagement isn’t finished when we hand over the report. We stick around to offer expert support as you prioritize and remediate based on or findings, and remediation retesting is always free. Click here to schedule a consultation with our team of experts today.