Red Teaming
What is a Red Team?
A Red Team engagement is the most realistic way to test the resilience of your organisation’s security controls. Such engagements are used to assess not only your technical IT controls, but also your people, your processes and your organisation’s response to a real-life threat scenario.
The engagements closely mimic the Tactics, Techniques and Procedures (TTPs) of actual Advanced Persistent Threats (APTs), and help answer questions like:
- Would you detect if an advanced attacker had breached your external perimeter?
- Could you fully evict an attacker if they had a foothold on your internal environment?
- How easily could an attacker compromise and exfiltrate your critical and sensitive information and would you be able to detect it?
How does a Red Team work?
Simulating a skilled and motivated attacker, Sekuro will craft and execute a series of real-life attack scenarios. These aim to breach your security by any means possible, within the boundaries of the law and what is agreed with you.
Every Red Team is tailored to your specific requirements, and can include elements of:
- Internal and External Infrastructure penetration testing.
- Email, Voice and SMS-based Social Engineering.
- Web and Mobile Application penetration testing.
- Active Directory exploitation.
- AWS, Azure and GCP Cloud penetration testing.
- Physical Intrusion and wireless penetration testing.
Red Teaming vs Penetration Testing
In comparison to traditional penetration testing, Red Team Attack Simulations are multi-layered and focus on achieving the end objectives rather than the specific methods.
This allows Sekuro to think outside the box to create innovative scenarios you may not have planned or prepared for. It highlights blind spots in your defensive strategies, whilst accurately measuring your full defensive capabilities against an advanced attacker.
The deeper testing offered by Red Teaming allows assessment of the defensive capabilities of your organisation across the full attack lifecycle – from detection to initial response and triage, flowing through to the ability to evict an attacker before they can inflict significant damage.
Red Team Attack Execution Methodology
Sekuro will discuss the objectives of the assessment as well as the methods, techniques and systems included for the scope of the exercise. You can also ask for specific methods to be included if you need to test a particular process or policy, with Red Team activities being highly customisable to an organisation’s requirements.
Timeframes will be discussed and agreed upon prior to commencement and will vary depending on the level of sophistication required.
Sekuro will conduct reconnaissance activities, potentially including OSINT, physical surveillance, intelligence gathering and signal scanning. This recon will identify potential gaps in security controls, allowing Sekuro to craft targeted and sophisticated attack scenarios against your organisation.
Sekuro will perform a series of advanced attacks, mimicking the techniques and approaches used by an advanced persistent threat. These attacks will work towards achieving the objectives defined by the organisation during original scoping.
You will be provided with regular updates on the progress of the exercise, with 24/7 communication available directly to the consultants performing the work.
At the conclusion of the exercise, a formal report will be presented to you, detailing step by step the attacks carried out along with supporting evidence. This report is MITRE-aligned including:
- An executive summary for business management, explaining the business impact of the technical findings and recommendations that lead to an improved cyber risk management posture.
- A technical summary for technical management that provides a more detailed explanation of the identified issues.
- A mapping of the threat scenarios that formed the basis of testing, and to what extent these were achievable, along with a view on the defensive controls encountered.
- Techniques used, mapped to the MITRE ATT&CK Framework, including recommendations for the remediation of each issue.
Non-Repudiation
Red Team attacks are effective through their ability to provide ‘clear-cut’ evidence when exposing your security weaknesses. They bypass the ‘risks’, ‘potentials’ and other ‘ifs’ to deliver tangible evidence which cannot be argued against.