Red Teaming
Put the security of your entire organisation to the ultimate test.
-
What is red teaming?
Red teaming is a form of ethical hacking used to perform a broad security audit. During a red teaming exercise, we impersonate a real hacker attempting to reach one or more fixed objectives, known as ‘flags’. For example, one flag could be to access your password-protected system and perform a transaction.
-
Social engineering test included
Security is a team effort. Even the most robust firewall is useless if your team members can be convinced to share access badges, keys, or passwords. That is why red teaming is not limited to checking your technical security. Just like real attackers, we also put human behaviour and business processes to the test. This technique – trying to obtain sensitive information through human interaction — is called social engineering.
Examples of social engineering
- Following someone into a restricted area, for example asking them to ‘hold the door’…
- Asking for a new access badge, claiming that the current (fake) one does not work.
- Getting access by pretending to be someone trustworthy, like a handy man.
- Leaving a virus-infected USB stick for a nosy employee to find.
- Calling on the phone, pretending to be a bank or credit card company.
The advantages of red teaming
insight
You know where you stand
in terms of security.
Awareness
You increase internal
security awareness.
Validation
You get external validation
of your security level.
-
Who uses red teaming?
The person requesting a red teaming exercise usually wants to test, prove or challenge the current security level. The results either demonstrate that additional measures are needed or justify that the security level is adequate. A staged attack can also increase security awareness in an organisation. Companies considering a merger or acquisition often request a red teaming exercise to ensure that the merging of their systems is safe.
When to perform red teaming?
Before a merger or acquisition
Periodically
Third party requirement
After a transformation
How it works
1. Preperation
Together, we specify the goal and duration of the exercise and discuss which areas should be left untouched. After gathering information about potential threats, we craft a realistic attack scenario.
2. Exection
Once the plan is approved, we breach your security in a controlled way to see how your company responds. Like real hackers, we take our time navigating through the kill chain.
3. Reporting
We log all our actions along the way. Afterwards, we present our findings and recommendations in a language that all parties can understand. We identify the next steps and their priority.
(4. Aftercare)
Optionally, we coach and advise you while you take the necessary steps to improve your security. After implementation, we can repeat the test to ensure that your security maturity has improved.
-
About refracted
Our experts have run red teaming exercises for clients in critical industries like finance, oil & gas, and the public sector. Each exercise has led to increased awareness and security in their organisation.
Red teaming in a nutshell
- Stage a cybersecurity attack to learn from it.
- The goals are always predefined.
- The test is not limited to technology alone.
- Only a few people know about the test.
Request a red teaming excercise
We test how well your people and processes respond to threats so that you can improve your defences. Make sure that you are all on the same page.
We keep your security system safe
At Refracted, we believe that everyone has the right to be safe in a digital world. That is why we dedicate all our knowledge and skills to keeping your security systems healthy. Just like power fruit, we boost up your immune system and protect you from harm.