Red Teaming - A Controlled Stress Test for Your Company

17. November 2022

During the Red Team Assessment, our security experts evaluate the resilience of your security organization against a cyber attack under real-life conditions. This way you receive a comprehensive overview of your security level.

Mark Zorko, Senior Consultant at usd HeroLab in charge of our Red Team Assessments, explains in our interview what Red Teaming is about, for whom it is relevant, what makes it different from penetration tests (pentests) and how we can help you achieve more security.

How do we define Red Teaming?

Our analysts take on the role of a malicious attacker during a Red Team Assessment. In collaboration with you, we create a specific threat scenario beforehand. In the attack simulation, our Red Team uses methods, techniques and approaches that an actual attacker would also use. We attempt to achieve the primary goal by exploiting vulnerabilities in technologies, processes and the human factor. This can be, for example, penetrating selected critical IT systems or stealing digitally stored trade secrets. Among other things, this shows you how effective the defense mechanisms of your security organization or Blue Team* (hereinafter referred to as security organization) are. Was the hacking attack by the Red Team successful? Was the cyberattack noticed by the security organization? If so, how early? How did the security organization respond to the attack? Subsequently, we will provide you with the vulnerabilities identified during the attack simulation and the corresponding countermeasures and, if you wish, discuss them in a comprehensive debriefing. This way the protective wall against hacker attacks can be strengthened and your company risk can be reduced.

Who should conduct Red Team Assessments?

Companies that are subject to BaFin requirements use Red Team Assessments according to TIBER-EU to fulfill the awareness measures in preparation for BAIT audits. In addition, every other company benefits from Red Teaming, especially if it has high protection needs for its IT assets. Our Security Analysis Report 2021 (in German) shows the importance of obtaining information about a company's own risks associated with cyber attacks. A red teaming approach is often seen as a complementary measure to a pentest because their objectives are different.

What is the difference between pentests and red team assessments?

During a pentest, the main focus is usually on finding as many technical weaknesses as possible in a specific test object. Red Team Assessments focus on the successful compromise of a predefined target. They are more comprehensive because the simulation examines human, process-related and technical vulnerabilities, evaluates the likelihood of a successful compromise, and subsequently exploits the most promising vulnerabilities. This provides a holistic view of the corporate risk of a real-world attack. Let's imagine that a company has an effectively implemented IT security process and is conducting security scans and pentests on a regular basis. The Red Team approach simulates a scenario in which an employee's notebook is stolen and sensitive data can be accessed or other accounts in the domain can be attacked via this device.

What else should companies know about red teaming?

Red Team Assessment projects are highly customized. How the Red Team Assessment is actually conducted depends significantly on the type of threat, the attacker model, and the goals to be achieved, and is therefore crucial to the success of the simulated cyber attack and subsequent learnings. At all times, our Red Team Assessment takes place in a controlled setting. You determine, for example, what degree of freedom the attacker is to have or whether special specifications or scenarios are to be selected.


*Blue Team = The Blue Team are in-house IT security experts who defend the company against hacker attacks and Red Team offensives.
