Our Red Team exercise is a goal-based assessment where we attack just like a real-world adversary using real world techniques to gain access to an agreed target within your IT environment.
The benefit of conducting such an assessment is that it tests your defenders (people) as well as your defences (technology). It also tests your ability to detect and defend against a realistic and relevant attack as we take into account your risk environment and build attack scenarios that are most likely to occur in your business sector.
Many organisations rely on traditional penetration testing to protect IT. Although penetration testing is a key component of a cyber security strategy, it assumes that the attacker has access to your IT environment, has credentials and can run scanning tools undetected. Real world attacks do not occur in this manner so a Red Team exercise can add value to your penetration testing regime.
Our Red Team exercise can also test the effectiveness of your alerting, logging, and monitoring systems, whether they are in-house or outsourced to a Managed Security Service Provider (MSSP).
Full-scope Red Team engagements tend to be longer than traditional penetration testing engagements typically ranging between 3 and 4 weeks due of the custom development and implementation of tools, techniques, and in depth reconnaissance activities we undertake. The assessments are also often built upon lack of up front information and the ‘ability to take an opportunistic attack’ approach.
Our dedicated Red Team, have a vast and wide reaching level of expertise in the cyber security industry. We align our Red Team operations to not only industry standards such as MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and NIST Cybersecurity framework but also to the cutting edge real world tactics used by our adversaries. This ensures you get a professional consistent service which is as close to a real world attack as possible using all the latest TTPs and threat emulation.