How effective would your security measures be if a real attack occurred? A Red Team assignment is a realistic – but controlled – cyber attack that can give you an accurate picture. A Red Teaming assignment often goes beyond the digital domain – options can also include physical penetration testing and social engineering. This makes Red Teaming ideal as an exercise for your blue team, to make them even better prepared when a real attack occurs.
As an organisation, you want to know:
- Could a malicious party get hold of the organisation's crown jewels?
- How effective are our security measures? Where are there blind spots that make us vulnerable to attack?
- How good is our Blue Team? Are they detecting suspicious signals and can they intervene in time?
- Are the processes we have set up in the area of security working?
- How security-aware are my employees’ actions in practice?
Red Teaming by Computest answers these questions for you.
What is Red Teaming?
Red Teaming is a highly realistic and specialised cyber attack on your systems and processes that goes beyond tabletop exercises and dry runs. It includes the entire organisation in its scope. Before the test, we work with you to determine the goal to be achieved (the objective) and the resources at our disposal. The objective depends on the request from the organisation and the security measures it has in place. An example might be: try to gain access to the financial administration system or to the server room.
While carrying out the test, the Computest red team will try to remain unnoticed, just as a real attacker would. In order to make the attack as realistic as possible, it is therefore important that as few people as possible within the organisation know about the assignment.
Afterwards, the team of security specialists from Computest will make a presentation revealing whether and how the objective was achieved, and which attacks Computest used for the purpose. These actions can then be compared with the attacks that the blue team has detected, in order to devise new security measures.
Red Teaming Process
What do we do during Red Teaming?
In Red Teaming, there are many possible methods we could use to achieve the objective.
The different methods can be divided into 3 categories:
- Testing technology
- Testing people
- Physical testing (the building, etc.)
Deciding which of these are desirable and fall within the scope is something we always do in consultation with you as the client. Some examples are:
- Hacking attacks against available IT infrastructure (on-premise or via cloud);
- Development of our own malware to obtain permanent access (persistence);
- Social engineering by means of phishing or voice-phishing targeting employees;
- Physical intrusion (e.g. by means of tailgating);
- Cloning access passes and/or lock-picking;
- Distribution of malicious USB sticks (baiting) or other hardware.
Because we have our own Research & Development department, the capacity and resources are available to constantly develop new, appropriate attacks for our clients.
What do you get after a Red Team assignment?
A comprehensive and pragmatic report on the assignment carried out, with recommendations for further improving security. All the activities and tests performed are described in the report, in order to make clear what the ultimate attack involved. This report will be discussed with you on location and we also offer the option of presenting it to, for example, the management or the board, in understandable business language.
A Red Teaming assignment helps you decide which measures you want to tighten up or bring in to make your organisation even more resilient to cyber attacks, and which measures are no longer necessary, or less so.
In addition, it gives your organisation's Blue Team, if there is one, the opportunity to test their skills in a realistic attack simulation, so equipping them even better to deal with cyber attacks. You can also decide on further training for your Blue Team if it turns out they are still lacking skills.
Why have Red Teaming carried out by Computest?
We have many regular clients because both parties see the added value of long-term cooperation. Our clients choose Computest because of the good working relationship they enjoy with us, our flexibility and the extensive security knowledge of our security specialists, which we are happy to share. In addition, organisations specifically choose Computest for this service, because:
- Every Red Teaming assignment is carried out by creative, highly experienced and skilled security specialists who understand "the business" as well as having extensive security skills. They also boast a range of specialties and backgrounds (e.g. in the field of risk management or system management). In this way we limit the chance of damage to the business or critical systems and you can be sure we won’t accidentally destroy anything.
- Having our own R&D lab means there is a good chance they will find a smart way to achieve the objective.
- Our vulnerability scanning tool Marvin_ has knowledge of current threats.
- A Computest Red Teaming assignment is always tailor-made and does not follow a standard script.