Red teams attack a customer’s security systems. The idea of a red team, whether as consultants or in-house, is to approach the target like an attacker would. A red team includes technical and human-based exploit and attempts to test defenses, probe for weaknesses, and identify vulnerable systems and processes.
While red teaming is similar to a penetration test, a penetration test tends to limit its scope to a single technology or application and report on all vulnerabilities uncovered. A red team exercise includes the whole organization and seeks to achieve a specific objective like an attacker would–for example, exfiltrate data, install malware, or steal money.
Our guest and guide to red teaming and how to get the most out of the exercise is Gemma Moore, Director at Cyberis.
- What red teams do
- Why a company might hire a red team
- How red teams differ from penetration testing
- Pitting red teams against blue teams
- Getting useful outcomes from a red team exercise
- Red team legal and ethical boundaries
- Limitations of red teaming
- Yellow teams, purple teams, and orange teams
- Red teaming can provide effective and realistic ways of assessing the capability of detection and response teams so that gaps in controls and coverage can be identified and addressed
- Legal and ethical considerations mean an ethical red team can’t necessarily directly do everything an adversary would do – but working with a red team can allow events to be simulated to assess the impact in a controlled way
- For any given organization or budget where a red team is needed to challenge security controls, there is likely to be a variant of red teaming that can be used to help highlight gaps. Typically, the compromise is between lower realism and lower budgets vs. higher realism and higher budgets.
Offensive Cyber Security Training – Zero Point Security