Red teaming describes a complete, multi-level simulation of an attack against an enterprise. The main goal of the red team is to train and measure your blue team's ability to detect, protect and react when facing a real attack. In comparison with a traditional penetration test, red team assessments often take place over several weeks or even months to allow for a more stealthy and selective approach by the attackers, the so-called red team.
Penetration Test vs Red Teaming
Whereas penetration tests and security assessments often focus on a very specific aspect of your company's infrastructure, its assets and related vulnerabilities, a red team attempts to measure the effectiveness of the whole enterprise (people, technology, processes and physical elements) in defending its IT infrastructure. A red team assessment can answer the question of whether your implemented cyber security measures, crisis concept, detection mechanisms, processes and monitoring work well together and are able to detect and react to state-of-the-art attacks.
To simulate such an attack, the red team is given no information about the target and has to work its way from the outside all the way into the heart of your company's infrastructure. This involves techniques such as information gathering via open source intelligence (OSINT), social engineering attacks such as phishing, and the use of sophisticated, tailored software to gain access to and maintain control over the target infrastructure.
To challenge the blue team and your company's defenses, the red team exercise is based on missions that are defined in collaboration with the customer. These missions are specifically tailored to your company and usually involve key business-critical assets and systems. They may include gaining access to core systems or sensitive data, modifying the company's public-facing assets, or exfiltrating data.
Lessons learned help to raise defenses
At the conclusion of the red team assessment, and as its most important aspect, debriefing workshops are held between the red team and the blue team (your cyber defense team). These workshops serve to identify and assess the capabilities of the blue team, provide it with detailed information about the performed attacks (such as indicators of compromise (IoC) mapped to the MITRE ATT&CK™ tree), identify potential blind spots and ultimately improve the overall security posture and resilience of your company.