It’s normal to think of athletic teams in terms of their colors. Do you root for the orange and white or the blue and black?
In the cybersecurity game, you might root for the Red Team. Red Teaming is, as you can guess from our name, one of our core services. This post will help you understand what Red Teaming means and how this service can help organizations of all sizes, industries, and technical levels identify and address threats.
What is Red Teaming?
Red Teaming is a full-scope, multi-layered attack simulation designed to measure how well a company’s people and networks, applications and physical security controls can withstand an attack from a real-life adversary.
To put red teaming in layman’s terms, it’s “ethical hacking”—a way for independent security teams to test how well an organization would fare in the face of a real attack.
A thorough red team test will expose vulnerabilities and risks regarding:
- Technology — Networks, applications, routers, switches, appliances, etc.
- People — Staff, independent contractors, departments, business partners, etc.
- Physical — Offices, warehouses, substations, data centers, buildings, etc.
The premise of red teaming is comparable to the old sports saying, ‘the best offense is a good defense.’ Red teaming helps a business remain competitive while securing its business interests by leveraging social engineering and physical, application and network penetration testing to find ways to shore up your defenses.
During a red team engagement, highly trained security consultants enact attack scenarios to reveal potential physical, hardware, software and human vulnerabilities. Red team engagements also identify opportunities for bad actors and malicious insiders to compromise company systems and networks or enable data breaches.
6% to 28% of the attacks are conducted with the help of current or former employees of the infected organizations — InfoSec Institute
We estimate that each of our projects averages about 20% automated and about 80% manual, deep-dive, advanced penetration.
Who Needs It?
If you’re a small to midsize businesses, you might think red teaming isn’t for you. “I’m too small to be a target,” you might theorize. But in fact, this is exactly the line of thinking that puts an organization at risk. If you were a bad actor, wouldn’t you want to go after the guy who’d never expect it?
While you might think no one would care enough to hack into your company, businesses of all sizes — and individuals — are regularly victimized.
And it’s not just about sensitive information. Bad actors are also trying to take over the technologies that power our lives. For instance, they might be looking to access your network to better hide their activities while taking over another system or network somewhere else in the world. Your data doesn’t matter. It’s your computers they want to infect with malicious software so that they add your system to a botnet group.
The overall number of DDoS attacks by botnet is growing & increasing in complexity.— SecureList
A well-executed red team operation considers the scale of your organization alongside threats in your particular industry to tailor specific tests to perform.
Comprehensive red teaming covers Penetration Testing (network, application, mobile, device), Social Engineering (onsite, telephone, email/text, chat) and Physical Intrusion (lock picking, camera evasion, alarm bypass).
Other objections we often hear? “It’s too expensive” or “it sounds like overkill.” Yet time and again businesses silo physical and technical security. The people overseeing IT—the networks, the applications, all that good stuff—aren’t the same people in charge of the physical security—the cameras, motion sensors, or locks on the doors.
This might mean a business has the best physical security on the planet (armed guards, towers, lights, the whole shebang), but has its doors wide open on the internet. The opposite could also be true.
A comprehensive red teaming approach doesn’t have to be prohibitively expensive. Since we customize the operation to your organization’s particular needs, we can scale up or down as required.
We’ll leverage only the strategies that bad actors would most likely actually use against you. This means not all red team tests are created equal. Not all companies require highly tactical operations a la the latest cyber-espionage thriller you streamed on Netflix.
How Red Teaming Helps
Red teaming isn’t just about finding the holes in your defense. To continue the sports analogy, a good red team engagement will also provide a playbook to improve that defense in the future.
Effective red teaming operations don’t end with the discovery phase. You want to work with a red team consultant that offers remediation assistance and re-testing. After all, the real legwork happens in the weeks or even months of effort it takes after our initial engagement to implement remediation controls.
Instead of moving on as soon as the ink dries on the final report, work with a penetration testing team that provides ongoing support to ensure your business fully comprehends the findings (impact, likelihood, criticality) and is on the right track toward remediation.
For example, our clients often contact us for remediation guidance well after we hand them their report and present our findings. And we encourage this! RedTeam provides remediation assistance at no additional fee because the true value of our service is in helping close your security loop, not just reporting your weaknesses.
In addition to our free remediation assistance, RedTeam Security provides re-testing for all severities without a time window restriction and without additional cost.
Why Red Team with RedTeam?
Red Team Security offers full-force red teaming addressing cyber attacks, social engineering, and physical security in testing threat profiles. This means comprehensive testing of your business’s technical landscape as well as fully testing your people and physical security controls.
Our Red Teamers also keep you informed along the way with conference calls and access to a secure online project management portal illustrating the phases of project. When a new finding is discovered, we let you know in near real-time to enable your team to respond quickly and accordingly. We also provide your final remediation report in pdf, XML and CSV and track remediation statuses to ensure you can effectively manage any changes based on our operations.
As you can see, this is a topic we’re passionate about, and we’d love to talk with you more about it. Get in touch any time at 612-849-8661, or schedule a consultation when the time is right for you!