During the Red Team Assessment, our security experts evaluate the resilience of your security organization against a cyber attack under real-life conditions. This way, you receive a comprehensive overview of your security level.
Mark Zorko, Senior Consultant at usd HeroLab in charge of our Red Team Assessments, explains in our interview what Red Teaming is about, for whom it is relevant, what makes it different from penetration tests (pentests) and how we can help you achieve more security.
How do we define Red Teaming?
Our analysts take on the role of a malicious attacker during a Red Team Assessment. In collaboration with you, we create a specific threat scenario beforehand. In the attack simulation, our Red Team uses methods, techniques and approaches that an actual attacker would also utilize. We attempt to achieve the primary goal by exploiting vulnerabilities in technologies, processes and the human factor. This can be, for example, penetrating selected critical IT systems or stealing digitally stored trade secrets. This provides you with information on how effective the defense mechanisms of your security organization or Blue Team* (hereinafter referred to as security organization) are, among other things. Was the hacking attack by the Red Team successful? Was the cyberattack noticed by the security organization? If so, how early? How did the security organization respond to the attack? Subsequently, we will provide you with the vulnerabilities identified during the attack simulation and corresponding countermeasures and, if you wish, discuss them in a comprehensive debriefing. This way, the protective wall against hacker attacks can be strengthened and your company risk can be reduced.
Who should conduct Red Team Assessments?
Companies that are subject to BaFin requirements fulfill the awareness measures in preparation for BAIT audits with Red Team Assessments according to TIBER-EU. In addition, every other company benefits from Red Teaming, especially if they have high protection needs for their IT assets. Our Security Analysis Report 2021 (in German) shows the importance of obtaining information about a company's own risks associated with cyber attacks. A red teaming approach is often seen as a complementary measure to a pentest because their objectives are different.
What is the difference between pentests and red team assessments?
During a pentest, the main focus is usually on finding as many technical weaknesses as possible in a specific test object. Red Team Assessments focus on the successful compromise of a predefined target. It is more comprehensive because the simulation examines human, process-related and technical vulnerabilities, evaluates the likelihood of a successful compromise, and subsequently exploits the most promising vulnerabilities. This provides a holistic view of the corporate risk of a real-world attack. Let's imagine that a company has an effectively implemented IT security process and is conducting security scans and pentests on a regular basis. The Red Team approach simulates a scenario in which an employee's notebook is stolen and sensitive data can be accessed or other accounts in the domain can be attacked via this device.
What else should companies know about red teaming?
Red Team Assessment projects are very customized. How the Red Team Assessment is actually conducted depends significantly on the type of threat, the attacker model, and the goals to be achieved, and is therefore crucial to the success of the simulated cyber attack and subsequent learnings. At all times, our Red Team Assessment takes place in a controlled setting. You determine, for example, what degree of freedom the attacker is to have or whether to select special specifications or scenarios.
*Blue Team = The Blue Team are in-house IT security experts who defend the company against hacker attacks and Red Team offensives.