Red teaming 

Put the security of your entire organisation to the ultimate test.


What is red teaming?

Red teaming is a form of ethical hacking used to perform a broad security audit. During a red teaming exercise, we impersonate a real hacker attempting to reach one or more fixed objectives, known as 'flags'. For example, one flag could be to access your password-protected system and perform a transaction.


Social engineering test included

Security is a team effort. Even the most robust firewall is useless if your team members can be convinced to share access badges, keys, or passwords. That is why red teaming is not limited to checking your technical security. Just like real attackers, we also put human behaviour and business processes to the test. This technique, trying to obtain sensitive information through human interaction, is called social engineering.

Examples of social engineering

  • Following someone into a restricted area, for example asking them to 'hold the door'.
  • Asking for a new access badge, claiming that the current (fake) one does not work.
  • Getting access by pretending to be someone trustworthy, like a handyman.
  • Leaving a virus-infected USB stick for a nosy employee to find.
  • Calling on the phone, pretending to be a bank or credit card company.


The advantages of red teaming

Insight 

You know where you stand in terms of security.

Awareness

You increase internal security awareness.

Validation

You get external validation of your security level.

Who uses red teaming?

The person requesting a red teaming exercise usually wants to test, prove or challenge the current security level. The results either demonstrate that additional measures are needed or justify that the security level is adequate. A staged attack can also increase security awareness in an organisation. Companies considering a merger or acquisition often request a red teaming exercise to ensure that the merging of their systems is safe.
 

When to perform red teaming?

Before a merger or acquisition

 To make sure that merging your systems is safe.


Third party requirement 

When requested by a shareholder or a regulator.


Periodically

To stay aware of your security level.


After a transformation 

To validate whether the security efforts have paid off.

How it works

1. Preparation

Together, we specify the goal and duration of the exercise and discuss which areas should be left untouched. After gathering information about potential threats, we craft a realistic attack scenario.

 

2. Execution 

Once the plan is approved, we breach your security in a controlled way to see how your company responds. Like real hackers, we take our time navigating through the kill chain.



3. Reporting

We log all our actions along the way. Afterwards, we present our findings and recommendations in a language that all parties can understand. We identify the next steps and their priority.

  


(4. Aftercare)

Optionally, we coach and advise you while you take the necessary steps to improve your security. After implementation, we can repeat the test to ensure that your security maturity has improved.



About Refracted

Our experts have run red teaming exercises for clients in critical industries like finance, oil & gas, and the public sector. Each exercise has led to increased awareness and security in their organisation.



Red teaming in a nutshell

  • Stage a cybersecurity attack to learn from it.

  • The goals are always predefined.

  • The test is not limited to technology alone.

  • Only a few people know about the test.


Request a red teaming exercise  

We test how well your people and processes respond to threats so that you can improve your defences. Make sure that you are all on the same page.

We keep your security system healthy

At Refracted, we believe that everyone has the right to be safe in a digital world. That is why we dedicate all our knowledge and skills to keeping your security systems healthy. Just like power fruit, we boost your immune system and protect you from harm.