How Red Teaming can help you identify systemic weaknesses and control gaps

Working with mature organisations, we use full chain attack simulations to identify high level weaknesses and control gaps that simply aren’t highlighted by standard approaches such as traditional penetration testing.

Our typical red team simulation starts with a comprehensive scoping exercise, including a review of applicable threat intelligence.  Threat intelligence might be something that you keep a record of yourself, that you commission from a specialist threat intelligence provider, or something that you gather from industry peers and the general marketplace.  The threat intelligence is an important feed-in to our red teaming as it allows us to make sure we’re emulating the Tactics, Techniques and Procedures (TTPs) of the right sort of threat actors.  Red teaming is most effective when we emulate the threats that are most relevant to your business.

Once we know what types of threats are likely to target you, and how they generally operate, we will work with you to understand your critical systems and data assets and therefore to distil the likely objectives that those threat actors will be looking to achieve.  It might be gaining access to a critical customer database, or stealing payment card information, or interrupting your business.

We also need to understand what types of questions you are hoping to answer about your business and your existing cyber security resilience.  Are you concerned about gaps in detective control coverage?  Are you worried that the tools you have at your disposal aren’t functioning as you expect?  Do you have uncertainty about whether your internal responders will react in the right way, or do they need more training?  Do you need to make the case for more investment in your internal security programmes?  Understanding your business objectives up front helps us focus our efforts and make sure we’re delivering real value for your security programmes.

Once we’re armed with a picture of your likely threats, your attackers’ likely objectives and your overall business goals for the exercise, we come up with a comprehensive plan of attack which we will ask you to agree.  A big part of any red team attack plan is risk management, and we will work very closely with you to ensure the attack is executed safely and without any undue disruption to your business.

Whilst our red team executes our attack plan, we work closely with your nominated control group to ensure that you’re kept informed of progress and understand how things are progressing.  In any red teaming exercise, we’re not trying to achieve full coverage of any and all vulnerabilities in a business or network – instead, our attackers are using the same techniques as your real-life threats to try and execute an attack path that leads to their attack objectives.  It means that the results of a red team exercise can be very illuminating.  As well as identifying individual weaknesses and vulnerabilities that can be exploited, our red team is able to identify and distil high-level strategic weaknesses overall and advise on how best to address these.

Our services have helped our customers identify and address gaps that they otherwise may never have noticed: from IoT devices generally having inappropriate trust relationships with internal systems, via unexpectedly weak network segregation and through to whole segments of legacy shadow IT which was unmaintained.  We’ve identified attack paths which bypassed fundamental security assumptions upon which key risk management decisions were made, and identified blind spots for detection and response which left attacks undiscovered.

Our red team focus on your business priorities and on answering the important questions you have about your business’ security; this is how we achieve real value for your money and help you prioritise your remedial work.