7 April 2017

Concern about the rising threat of cybercrime to businesses is well placed. Modern cybercriminals are persistent, sophisticated and well-resourced. In order to achieve their goals, they will attempt to exploit any and all vulnerabilities.

Ensuring your organisation is prepared to respond to an attack is essential.

 

A red team operation is a simulated cyber-attack that rigorously tests an organisation’s ability to detect and respond to breaches. Mirroring the covert tactics and methodologies of real-life attackers, red teaming can highlight critical exposures within IT infrastructure, applications, personnel and processes as well as recommend remedial actions to address any identified weaknesses.

The importance of real-life assessment

 

As global investment in cyber security grows, many businesses have come to recognise the value of regularly assessing the effectiveness of their cyber security to stand up to the latest advanced threats.

Much like the need to test business continuity and disaster recovery plans, the importance of red teaming for evaluating the strength and suitability of in-place cyber security controls and procedures is also highly beneficial for mitigating risk.

A comprehensive cyber-attack simulation can help to prepare businesses for worst-case scenarios, quantify potential damage and help to channel future security investments.

 

How red teaming differs from pen testing

 

A red team engagement differs from penetration testing in a number of key ways.

Whereas a penetration test is commissioned to identify as many vulnerabilities as possible within a short timeframe and widely present findings to stakeholders, the goal of a red team operation is to covertly test an organisation’s detection and response capabilities over weeks and months, often without the knowledge of all in-house personnel.

Capable of challenging both physical and virtual defences, a red teaming engagement invariably has wider scope than a pen test with, subject to agreement, a more liberal license to attack an organisation by the most appropriate means necessary. Like all professional ethical hacking engagements however, the aim of a red team operation is to cause no damage to infrastructure or disruption to everyday operations.

To increase the chance of a simulated attack going undetected, a red teaming engagement will utilise a variety of hacking methods. This can include social engineering techniques such as phishing, custom malware deployment and even infiltration of a business’ premises to gather intelligence and plant nefarious devices.

While a penetration test commonly exploits vulnerabilities to the point of compromise or high-level privileges are obtained, a red team exercise attempts to navigate deeper into an exposed network to seek out additional points of interest and gain access to assets such as business data.

 

The red team methodology

 

To accurately replicate the tactics, techniques and procedures of a malicious attacker, red teams follow a tried and tested approach. This starts with active and passive reconnaissance, to gather information that could be used to trigger an attack.

Once any vulnerabilities have been identified, the red team will attempt to exploit them through various means, including the installation of custom malware on target networks and devices.

Once a foothold on a network has been established, the red team will then seek to establish multiple access channels in order to maintain access, escalate privileges, aid lateral movement and maximise target network presence.

 

Applying the lessons learned

 

Following the completion of a red team engagement, a clear and comprehensive stakeholder feedback process begins. This ensures that the commissioning organisation is able to act quickly to address any recommendations provided.

Reports typically detail if, when and how the customer environment was breached and which assets were compromised. Feedback also includes a clear and concise action plan, with a prioritised list of recommendations to help address any identified vulnerabilities. Example actions could include performing software upgrades, improving storage and encryption processes and enhancing employee awareness and training.

 

Choosing a suitable red teaming provider

 

When selecting a company to perform a red team operation, it’s important to turn to an organisation with both the experience and expertise to perform a simulated cyber-attack that is realistic yet as safe and controlled as possible.

Certified to CREST, CEH, OSCE, OSCP and OSWP standards, Redscan’s team ethical hackers possess the skills and knowhow to thoroughly challenge defences and provide the level of support needed to minimise cyber security risk.

By adopting the mindset of the adversary, utilising latest black-hat tools and offering clear advice, Redscan’s dedicated professionals can help organisations of all sizes make genuine improvements to their cyber security posture.

 

Learn more about red teaming and Redscan’s Red Team Operations service

 

back to all posts