If your company has invested in many penetration tests, you’re probably looking for more advanced ways of examining your security infrastructure.
Typically, the next step is to conduct a Red Team engagement. But when is the right time to move from the standard pentest to the Red Team operation? And what exactly does a Red Team test entail?
Let’s cover what you’ll typically receive in a Red Teaming engagement to see if you’re a good candidate for this next-level pentest:
What Exactly is Red Teaming?
You may have heard the term “Red Teaming” used in a military context. This is a tactic used in military attack planning, in which officers and soldiers challenge themselves to think of every possible outcome before executing an attack.
When on the battlefield, there’s no “resetting” the scenario and trying again. The army needs to be prepared for any and every situation and to pivot its plan when events change.
To think through and act out all scenarios, officers and soldiers usually split into two teams: a Red Team on offense and a Blue Team on defense. Role-playing the strategies makes it easier to spot flaws in the plan and find creative solutions.
How the Red Team Methodology Applies to Cyber Security
When conducting penetration tests, cyber security professionals apply this same concept to their cyber attacks. Long before taking any action against the client, the pentesters (the Red Team) invest many hours strategizing their plan in the “pre-attack” phase.
Just as military personnel spend countless hours running through different scenarios, Red Teaming involves many hours of digging through Open Source Intelligence (OSINT) and careful step-by-step planning, in which the pentesters work out how they’ll exploit vulnerabilities.
The pentesters often split into separate groups targeting different attack vectors. For instance, one team may focus on internal network attacks while another focuses on exploiting application vulnerabilities. This allows each team to pursue its own attacks in a no-holds-barred approach, in parallel with the others.
This technique is used because Red Team pentesters are only looking for one way in, unlike traditional pentests, where the goal is to discover as many vulnerabilities as possible. Red Team pentesters only need one point of entry to get into a system undetected, because their whole goal is to spend many weeks (typically 3-6, depending on the agreed timeline of the operation) moving laterally through your system and escalating their access to reach the juiciest data they can without being discovered.
When to Move Beyond Traditional Pentesting & Start a Red Team Engagement
A big question we get asked is, “When do I switch from traditional penetration tests to a Red Team engagement?”
While there’s no set timeline or company size that merits a Red Team operation, there are a few crucial questions to ask yourself:
- Have you already conducted numerous, diverse pentests? There are six main types of penetration tests. We recommend conducting a few tests in different areas before readying for a Red Team test. For instance, one year you might run a social engineering test and another year a wireless pentest.
- Would you consider your security posture mature? Are you confident in the defenses you’ve already built? If you’ve had your security thoroughly tested and want to see how it stacks up against master-level pentesters, try a Red Team engagement.
- Is a Red Team operation within your budget? You are used to the typical penetration test costing around $25K. A Red Teaming project typically begins at $40K. If this is within your company’s means, it may be time to up the ante.