5. 2. 2019

Red team

We will put together a “red team” – simulating real attackers – with the goal of improving your defense capabilities. The red team can be put together for one-time or for ongoing use (we recommend the latter). The fundamental principle of a red team is that it is not limited by scope or procedures. It goes without saying that we won’t kidnap your employees or threaten your workflow. A major advantage of ongoing cooperation with the red team is that we will continuously hone our knowledge and approach; this know-how will be passed on to the blue team. The more the red team is able to outperform an actual attacker, the more effective the blue team will be at protecting itself.

Relevant application

Once you have the basics covered (such as asset maintenance and vulnerability management, and the ability to detect and react to damaging or suspicious behavior in your environment), then it’s time for the red team. If you are still struggling with basic measures, then we recommend that you resolve such issues before you use and develop the red team.

Our procedure

First, we need to agree on the objectives; then we can create a realistic attack scenario in which no systems or addresses are off-limits. An attacker does not operate with such constraints, so it’s in your best interest that the scenario is as realistic as possible. Next, we will compile all the information we need, from entrance photos to long-forgotten conference files. Last but not least, we will carry out the attack by attacking systems, circumventing physical security barriers, or utilizing social engineering. We will wrap up by evaluating how the attack went and whether we achieved our objectives.

We are interested in the most believable attack simulation possible. That’s why we won’t be creating a script from an action film. It is certainly possible to snip a supplier’s optical fibers, install a probe, or drop a rope down into an area. We know that this is practically guaranteed to work. Yet you won’t learn anything new from this. That’s why we will perform multiple scenarios and will inform you of weak objectives, so that the scenarios are appropriate in terms of time constraints and cost.

Result

One-time or ongoing meetings with your blue team, where we will go over the findings and the ways to improve resistance and the state of your security. Moreover, we will prepare a summary and presentation for your superiors. This report will include the technical details of the procedure so the test can be repeated step by step. Also included in the report will be our tactical recommendations for an immediate resolution of issues as well as strategic recommendations for long-term improvements.