Red Team Assessments – The Fundamentals 1.1
We’re in an age where information is king, misinformation is rife and mass data breaches are commonplace in the mainstream media. Ensuring the security of your organisation’s data, infrastructure and people is paramount and choosing the right service to secure those things is just as important.
At Pentest People, we are now delighted to offer our new Red Team Assessment service to our customers. But what is a Red Team Assessment and how does it differ from a Penetration Test?
Threat actors use an array of tactics so a Red Team Assessment needs to meet these threats head-on and simulate the methods they use. Fight fire with fire as it were.
Red Team engagements fully test the ability of your organisation, from its staff, technology and policies to identify and mitigate against a multitude of threat actors such as organised crime, insider threat, state-sponsored threats and advanced persistent threat groups. The red team consultants will assess the whole attack surface of your organisation, and identify areas where sensitive information and critical assets are at risk of compromise.
Red Team Assessments are capable of detecting many of the vulnerabilities that are often overlooked and inherently restricted by scopes in traditional testing methods due to the comprehensive simulation methods the consultants use.
Red Teaming will use a blend of attack tactics to challenge the virtual and physical defences of your organisation, deploying real-world tactics such as in-depth Open Source Intelligence (OSINT) gathering, Social Engineering (SE) campaigns, simulated malware and Ransomware Attacks, and physical intrusions on to company sites.
Using the industry recognised Red Team Framework, consultants tailor the assessment to meet the goals that reflect the risks and threats to your organisation.
The deliverable from a Red Team Assessment is a multi-vector threat analyse report which will offer your organisations technical teams and SOCs a full overview of your threat landscape, a step by step guide of vulnerabilities and breaches found by the consultants. Finally, it will present strategic and tactical recommendations to help further develop your security strategy and enhance your future response to potential attacks.