If your company has invested in many penetration tests, you’re probably looking for more advanced ways of examining your security infrastructure.
Typically, the next step is to conduct a Red Team engagement. But when is the right time to move from the standard pentest to the Red Team operation? And what exactly does a Red Team test entail?
Let’s cover what you’ll typically receive in a Red Teaming engagement to see if you’re a good candidate for this next-level pentest:
You may have heard the term “Red Teaming” used in a military context. This is a tactic used in military attack planning, wherein officers and soldiers challenge themselves to think of every possible outcome before executing an attack.
When on the battlefield, there’s no “resetting” the scenario and trying again. The army needs to be prepared for any and every situation and to pivot its plan when events change.
To think through and act out all scenarios, officers and soldiers usually split into two teams: a Red Team on offense against a Blue Team acting in defense. Role-playing the strategies makes it easier to spot flaws in the plan and find creative solutions.
When conducting penetration tests, cyber security professionals apply this same concept to their cyber attacks. Long before taking any action against the client, the pentesters (the Red Team) invest many hours strategizing their plan in the “pre-attack” phase.
Just as military personnel spend countless hours running through different scenarios, Red Teaming involves many hours of digging through Open Source Intelligence (OSINT) and careful step-by-step planning, wherein many pentesters strategize ideas for how they’ll exploit vulnerabilities.
The pentesters often split into separate groups targeting different attack vectors. For instance, one team may focus on internal network attacks while another focuses on exploiting application vulnerabilities. This allows each team to pursue its own attacks in a no-holds-barred approach, all at the same time.
This approach is used because Red Team pentesters are looking for only one way in, unlike traditional pentests, where the goal is to discover as many vulnerabilities as possible. A Red Team needs just one point of entry to get into a system undetected, because its whole goal is to spend many weeks (typically 3-6, depending on the agreed timeline of the operation) escalating laterally through your system to access the juiciest data it can without being discovered.
A big question we get asked is, “When do I switch from traditional penetration tests to a Red Team engagement?”
While there’s no set timeline or company size that merits a Red Team operation, there are a few crucial questions to ask yourself: