Red Teaming

Can your blue team keep us out?

What is a Red Team exercise and how is it different from a penetration test? One of the key differences between a Red Team engagement and a penetration test is the effective modeling of a threat actor: nation states attack differently from organized crime, which in turn attacks differently from a competitor. Because we have such a strong background in incident response, we have constant access to how various actors are currently attacking.

A Red Team engagement will often perform some of the same activities as a penetration test, but in fundamentally different ways. For example, many penetration tests require sending phishing emails to hundreds of users. In a Red Team engagement, the phishes are often far more targeted, and far fewer are sent.

Finally, it is very common for penetration tests to involve multiple members of the customer organization working in conjunction to support the overall activities of the testers. In a Red Team engagement, the customer organization often only has two or three people aware of the test at any given time. This is because we are testing not only the organization’s technical capabilities but also the capabilities of the people behind the technology.

It is also important to note that Red Team engagements tend to take a lot more time and effort, so as to fly under the radar of target security teams. Attacks become an art crafted for each engagement. Because of this, we only recommend Red Team engagements for organizations that have had regular vulnerability assessments and penetration tests in the past.

