Intro

If you are involved with the infosec community, odds are that you have heard the term “red teaming”. But do you know where the term originates, what it includes when we are talking about cybersecurity, and, finally, whether it is something that your organisation needs?

A blast from the past

It was back in the 1960s that the US Army first coined the term “Red Team”. In its first iteration, the Red Team consisted of officers playing the part of the Soviet Bloc during tabletop exercises. The “Blue Team” in those scenarios was the United States and its allies.

As with most successful military initiatives, the practice was adopted by other militaries across the globe, law enforcement organisations, and of course the private sector. Red teams were mostly associated with “contrarian thinking” and fighting groupthink.

The digital era

With the rise of digital networks came the need for security in the cyber environment. Amongst the practices used by information security professionals to secure the data of their clients, we find “Red teaming”. It is obvious that the context behind the term has changed from its early days.

When talking cyber, Red Teaming is usually a process for testing cybersecurity effectiveness where a team of ethical hackers conducts a simulated and non-destructive cyberattack. Depending on the rules of engagement, a physical aspect can be incorporated into the attack, which involves testing the physical security of a facility, including the security practices of its employees and its security equipment.

During the engagement, the Red Team employs the same tools and techniques used by real-world attackers to probe an organisation’s security measures. Common techniques and tools include social engineering, physical security testing, application penetration testing, network sniffing, tainting shared content, and brute forcing credentials.

Why employ a Red Team?

The most important reason to perform a Red Teaming exercise is to evaluate how your established security systems work in a real-life event. It can identify and assess vulnerabilities in both the attack surface and attack paths, thus helping the organisation to prioritise the security systems it needs.

Limitations of the Red Teaming engagement

While it is a very helpful tool for organisations that have made a serious investment in their security walls, it wouldn’t really help an organisation that is only now starting its long voyage of cybersecurity. It is true that a red teaming exercise can identify vulnerabilities that were not on the radar of the organisation’s security team (aka Blue Team). But due to its inherent limitation of being goal oriented, it might miss several weak spots on the organisation’s attack surface simply because another route of penetration was used by the Red Team.

Outro – So, do you need it?

In one word, maybe.

If you are confident in your organisation’s cyber defences, then yes, it is one of the best ways to test your resilience.

If, on the other hand, your organisation is still in the process of building its cyber defences, then different approaches should be employed to optimise the value that you will receive for your buck.

In any case, our consultants will be happy to evaluate your situation and provide you with a solution that meets your organisation’s needs.

Click here to get in touch if you want to discuss ways to improve your security in the digital arena.
