Red teaming is an intelligence-led assessment that simulates real-world threat actors. The purpose of a red team assessment is to demonstrate how real-world attackers would attempt to compromise an organisation's critical functions and the systems that underpin them. These actors can include cyber criminals, hacktivists, state-sponsored groups such as Advanced Persistent Threats (APTs), and insider threats.
A successful engagement identifies weaknesses in the internal security team's detection and response capabilities, challenges staff security awareness, and attacks the organisation's processes and underlying technologies. Ultimately, the aim of the assessment is to work with the organisation to improve its security posture and enable better detection of, and response to, such threats in the future.
Compared to a typical penetration test, red teaming is goal-oriented and assesses the organisation holistically by emulating the Tactics, Techniques and Procedures (TTPs) of a chosen adversary. TTPs describe an adversary's behaviour in terms of its attack lifecycle, methodology, tooling, attack methods and other distinguishing characteristics. A penetration test is typically noisy, makes no attempt to evade detection, and aims to find as many vulnerabilities as possible within the time available. A red team assessment is covert and targeted, and usually runs over a longer engagement period. Organisations may wish to test, for example, whether an attacker could obtain sensitive information from a particular server, gain access to the CEO's email, or achieve complete domain dominance (full administrative control of the Windows domain).