Red teaming is not a new concept within the cyber security community. In Australia, however, red teaming is a relatively new term for most organisations. In this blog post we'll take a dive into:
The Differences
There are key differences between a Red Team engagement and a typical penetration test. The first difference to consider is that a Red Team engagement is almost always a 'black box' engagement where very little information outside of clearly defined objectives is supplied by the client. This is also typically the case internally, with very few internal staff members being briefed on the engagement scope, objectives and timelines.
While a Red Team engagement and a penetration test can have very similar objectives, the target scope and approach will differ dramatically. For example, a typical perimeter penetration test will be restricted to targeting an organisation via the internet utilising agreed attack methods. A Red Team engagement, however, will identify multiple attack surfaces to properly test an organisation's overall resilience to an attack from an advanced threat actor. A Red Team engagement will engage in activities such as:
Another key difference between a typical penetration test and a Red Team engagement is the approach, team size and duration of the assessment. A typical penetration test engagement will generally consist of:
A Red Team engagement differs slightly:
Due to the nature of a Red Team engagement, the team will need to create a multi-tiered plan to successfully achieve their target objectives. This involves granular enumeration processes prior to attempting any form of planning or exploitation against a target.
Considerations
Before considering a Red Team engagement over a traditional penetration test, we recommend that customers consider their cyber security defensive capabilities. For example, if your organisation does not have a cyber security team, strategy or critical security controls in place, such as the majority of the ACSC Essential Eight, then a Red Team engagement is likely not going to provide more value for you than a traditional penetration test.
The Benefits
A Red Team assessment will target multiple layers of your organisation to test their defensive capability against an attack from an Advanced Persistent Threat (APT). While a typical penetration test is limited to a specific service or environment, a Red Team assessment will target your technology, people and physical security to identify the risk posed by an APT against agreed objectives or scenarios.
As part of a red team assessment, you will be able to exercise your defensive technology, incident response and user awareness training to identify and contain an active breach. By working closely with relevant teams, a red team is able to identify advanced vulnerabilities across multiple layers of an organisation and assist them in defending against successful attacks to mature their defensive capabilities.
Overall, a Red Team engagement is an excellent way for an organisation to test its resilience against an advanced threat actor and to identify vulnerabilities in layers of the organisation it was otherwise not aware of.