Red Teaming - do you really need one?
2 minutes reading time
Red Teaming, sometimes referred to as attack simulation, is the information security sectors latest ‘hot topic’. As the frequency and complexity of cyber attacks increase, most companies want to sell red team reviews and most offensive security personnel want to carry them out.
So, if red teaming is in such high demand, and yield such great results (which they do…) then why wouldn’t you want to carry one out for your own organisation?
Let’s look at exactly why…
The main aim of a Penetration Test is to find and exploit as many vulnerabilities in a target system (generally an isolated network or application) often with constrained timeframe. It then aims to exploit them and determine risk levels.
A Red team is aligned more closely with how a real-world attacker would try to infiltrate your system, using stealth – this could be physical attacks, social engineering or any other steps an attacker might use. They are used to test organisational resilience of your Procedural, People and Technology controls. Generally, this is an objective led type of assessment – the objective being to find vulnerabilities by any means possible.
The two teams are often used interchangeably and while there are certain synergies between the two types of testing in terms of tool and techniques, as you can see, the focus of each is very different.
Before you decide which type of service is going to work best for you, it’s worth pausing for a moment and internally recognise some key important pieces of information.
- What are your ‘Crown Jewels’? What do actually care about protecting?
- What are your main threats?
- Do you already carry out regular penetration testing & vulnerability assessments?
- Do you carry out remedial activities on their findings
- Do you have an internal or managed blue team?
- How mature is your security program (or do you even have one)?
If you can't answer these questions, then a penetration test is a better starting place. The value you will derive from a Red Team will be very little as they will be exposing the very obvious vulnerabilities that you have.
More simply, if you think you have all the appropriate security controls (both technologically and physically) in place across your organisation and wish to test their effectiveness then a red team is a good way to go. However, if you know your security is not perfect or you've only just commenced your security program then starting with vulnerability assessments and penetration testing is a better approach.
CDS Defence & Security can work with you to put in place a proportionate, cost-conscious approach to pen testing, enabling you to make strategic decisions and prioritise your resources and technology.
As your networks, users, devices and applications grow and change, we can then work with you to regularly expose vulnerabilities to keep you one step ahead of the cyber threat.
- Infrastructure Assessments (both Internal and External)
- Web Application and Services Assessments
- Mobile Application/ Device Assessments
- Network Device Configuration Reviews
- Server/Workstation Configuration Reviews
For more information or to discuss your cyber security requirements, email email@example.com or visit us on stand H2-358 in the Future Tech Hub at DSEI.