Red Teaming

Assess your risks by detecting threats and vulnerabilities against technology, people and physical entities in an organization

Red teaming – An overview

Red team testing is an adversarial-based attack carried out by professional security evaluators, by assuming the role of a real hacker. The aim of the process is to assess the risks by detecting threats and vulnerabilities against technology, people and physical entities in an organization.

Technology

Networks, applications, routers, switches, appliances, etc.

People

Staff, independent contractors, departments, business partners, etc.

Physical

Offices, warehouses, substations, data centres, buildings, etc.

In contrast with the penetration testing where the testing is based on client provided or known information, red teaming exercise is carried out with a no-knowledge perspective or rather from the perspective of a real attacker.
Red team testing is to be seen as a component of the larger information security strategy in an organization. Typically, information security process is cyclic in nature and has the following key activities.

Red team testing comes under the assessment part of the process. Red teaming identifies the vulnerabilities and threats which serves as the basis for the risk assessment. Unlike a real attacker, red teaming aims at identifying all possible vulnerabilities in order to identify the associated risk. Red teaming exercise is capable of providing an accurate situational awareness of the security posture of the given system.

A Red Team assessment involves evaluating various areas of security in a multi-layered approach. Each area of security defines how the target (system/network) will be assessed. The target must be tested at each layer of possible intrusion/attack.

Contact Us

Red team testing comes under the assessment part of the process. Red teaming identifies the vulnerabilities and threats which serves as the basis for the risk assessment. Unlike a real attacker, red teaming aims at identifying all possible vulnerabilities in order to identify the associated risk. Red teaming exercise is capable of providing an accurate situational awareness of the security posture of the given system.

A Red Team assessment involves evaluating various areas of security in a multi-layered approach. Each area of security defines how the target (system/network) will be assessed. The target must be tested at each layer of possible intrusion/attack. The layered security approach is as shown below

Red team testing comes under the assessment part of the process. Red teaming identifies the vulnerabilities and threats which serves as the basis for the risk assessment. Unlike a real attacker, red teaming aims at identifying all possible vulnerabilities in order to identify the associated risk. Red teaming exercise is capable of providing an accurate situational awareness of the security posture of the given system.

A Red Team assessment involves evaluating various areas of security in a multi-layered approach. Each area of security defines how the target (system/network) will be assessed. The target must be tested at each layer of possible intrusion/attack.

This concept of layered security involves implementation of security controls at each layer. An identified vulnerability at one layer may be protected at another layer minimizing the associated risk of the vulnerability. The Red Team tests policy compliance of the security controls at each layer. And the control is tested in a manner specific to the area of security to which it applies. The following table lists the vulnerability assessment testing areas.

Let us get started

5 + 11 =

Information Security

  • Document Grinding
  • Competitive Intelligence Scouting
  • Privacy Review

Social Engineering

  • Request Testing
  • Guided Suggestion Testing
  • Trust Testing

Wireless Security

  • Wireless Network Testing
  • Cordless Communications Testing
  • Privacy Review
  • Infrared Systems Testing

Communications Security

  • PBX Testing
  • Voicemail Testing
  • FAX Review
  • Modem Testing

Internet Security

  • Network Surveying
  • Port Scanning
  • System Identification
  • Services Identification
  • Vulnerability Research
  • Internet Application Testing
  • Router Testing
  • Firewall Testing
  • Intrusion Detection System Testing
  • Trusted Systems Testing
  • Password Cracking
  • Denial of Service Testing
  • Containment Measures Testing

Physical Security

  • Access Controls Testing
  • Perimeter Review
  • Monitoring Review
  • Alarm Response Testing
  • Location Review
  • Environment Review

ValueMentor conducts Red Team Operations using globally accepted and industry standard frameworks. At the minimum, the underlying framework is based on OWASP and OSSTMM.

Let us help you with our GDPR ADAPT Framework