Red Team Assessment
Penetration Testing is often the core element of an organisations information security strategy. However, to fully understand whether your company is prepared to withstand a full-scale cyber attack, a Red Team engagement is the closest you will come to simulating an advanced persistent threat against your organisation. Our consultants are trained to rigorously test your organisation’s ability to detect and respond to the current threats posed to your industry.
Red Team assessments are complex assessments that span over multiple attack vectors, which aims to simulate a realistic scenario from an Advanced Persistence Threat (APT) group’s perspective. This will include covertly attacking a company’s external and internal network(s), applications, people and physical security controls.
Our experienced security consultants (that have worked in the intelligence and special operations community) will use the latest threat intelligence gathered on your organisation to deliver an engagement that mimics real-world situations that would be carried out by organised crime groups, state-sponsored actors, insider threats, corporate espionage spies and politically motivated groups.
Testing all Areas of Your Business
By simulating an advanced persistent threat, red team engagements fully test the ability of your organisation from its staff, technology and policies to identify and mitigate against such threats. The red team consultants will assess the whole attack surface of your organisation, and identify areas where sensitive information and critical assets are at risk of compromise.
Red team engagements are capable of detecting many of the vulnerabilities that are often overlooked and inherently restricted by scopes in traditional testing methods due to the comprehensive methods the consultants use.
Real Life Attack Scenarios
Cyber criminals and state sponsored actors will use any method to exploit any and all vulnerabilities they can to compromise your organisations security and reach their end goal. Our red team consultants will reply the same tools, procedures and tactics to ensure the advanced persistent threat simulation is as realistic as possible.
The red team engagement will use a blend of attack tactics to challenge the virtual and physical defences of your organisation deploying tactics such as social engineering campaigns, simulated malware and ransomware attacks and physical intrusions on company sites.
What is Advanced Persistent Threat (APT)?
APT stands for Advanced Persistent threat and is a real danger to todays businesses.
Advanced Persistent Threat (APT) groups are organisations that are classified worldwide as actors that lead attacks on a country or organisations information assets that are of financial, security and strategic economic importance. These are often the big players reported in the mainstream media such as Fancy Bear from Russia and Lazarus Group from North Korea and use tactics such as misinformation, social engineering and sophisticated hacking techniques over a sustained period of time.
Due to the advanced and continuous nature of these attacks, they are often aimed at high level organisations and state targets, however small to medium sized business are often in their sites if they make up the supply chain of these bigger targets.
Our Red Team Framework
This first stage is an opportunity for the client and consultant to establish boundaries and rules of engagement for the assessment which will ensure minimal risk is out on the day to day running of your organisation. Our expert consultants will identify current risks associated with the clients business and build goals to simulate that risk.
Our consultants will use a number of tactics to covertly gain information on your organisation that is available within the public domain.
Information gathered at this stage will be used in phishing style attacks and for information on the physical target.
Our consultants will use the information from the reconnaissance phase to now gain a foothold into the networks, or breach buidings.
Stand-off electronic attacks against wireless networks, electronic bypass methods and spear phishing can be used by our consultancies to breach locations.
Command and Control
Once a foothold has been established, our consultants will test the resilience of an organisation to establish its response to an advanced persistent threat and its capability of identifying any ingress and egress of sensitive or malicious data.
Simulating the movements of a real world ‘hacker’, consultants will use techniques often found during a penetration test to move laterally through the company to gain access to critical or company sensitive data.
Post engagement is an opportunity for our consultants to debrief the client prior to report submission and offer expert tactical and strategic recommendations to help further develop your security strategy and enhance your future response to potential cyber attacks.
What Are The Risks?
IT Security and the associated terminology is a mainstream issue for all businesses due to the reliance business places on its IT systems combined with the prevalence of attacks.
IT Security issues have become commonplace in todays society with almost weekly coverage in the news regarding the latest data breaches with the larger attacks attracting substantial financial penalties.
Various forms of compliance exist that mandate regular Penetration Testing as a required standard and the risks of not doing anything are widely publicised.
How Can We Help?
Pentest People can help alleviate the risks associated with IT Security issues by performing regular Internal and External assessments of your corporate infrastructure to identify if any issues exist and to give you an ability to remediate these before an attacker could exploit them.
Pentest People are accredited to CREST and UK NCSC CHECK standards and can provide infrastructure testing against all types of IT infrastructure used within your organisation
Red Team Assessments allows access to SecurePortal
Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.
Rest assured that your assessments are performed by qualified Security Consultants.
Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.
Understand the Internal and External security issues you face through a very thorough assessment from a qualified security consultant.
- Identify Security Vulnerabilities within your organisation allowing you to proactively remediate any issues that arise
- Improve your security posture, allowing you to reduce the threat of a cyber attack occurring against your business
- Comply with various regulatory bodies who mandate regular Penetration Testing be performed within your infrastructure
- Be able to prove to your supply chain that you are taking the necessary precautions to ensure your strong security posture
- Be able to focus efforts on important security issues by identifying the high-risk items identified in the Penetration Testing report