Red Teaming

Red Teaming is an effective way to really test your security.

Put simply, Red Teaming involves SOS operatives putting themselves in the place of a motivated attacker. It differs from a standard penetration test in that, instead of testing a specific set of security controls, a Red Team is focused on the goal (access) rather than the method.

A Red Team assessment employs creativity and utilises tools and techniques that may not have been anticipated or planned for. A Red Team’s purpose is to think like a real attacker, who will not be aiming to test your defences, but aiming to breach them by any means possible – often by thinking outside of the box.

A sensible organisation can see the value in testing the defences on their facilities and systems, but a Red Team operation also allows scope to find any bias, blind spots or presumptions in your security posture as a whole. SOS Red Team methodology employs creative thinking, an agile approach and considerable tenacity to rigorously test your security. By thinking like an attacker, or one of your competitors, the Red Team are driven to gain access and are not restricted by assumptions or preconceptions.

In a Red Team engagement, rather than determining which systems to test, it might be more effective to outline what is not in scope. With broader boundaries a Red Team may find vulnerabilities that stem from cultural bias in system design, flawed conclusions, or the limitations and expectations of an insider perspective.

A Red Team exercise with a broad scope might combine off-site reconnaissance or remote network access with a physical penetration test or site audit, or utilise social engineering techniques such as tailgating. Rather than replicating only the most likely attack methods, Red Team operatives will also try unlikely ones, employing creative approaches that a motivated attacker would use without hesitation.

A layered approach is employed, with multiple attempts at breaching defences. For example, surveillance to identify security controls, intrusion to gather cards and keys, or duplicating access passes might be combined with disabling alarms or picking locks. One operative might try to tailgate into a facility while another triggers an alarm or tests the rear door.

Red Team operations should be utilised judiciously. Where a specific penetration test is often repeated to gauge the efficacy of the new security profile after changes have been applied, Red Team Analysis is broad, intensive and sometimes intrusive, and is best performed only occasionally (annually, for example).
