What is a red team engagement and how can it help you?
A red team engagement is designed to simulate a likely real-world threat. It demonstrates whether an attacker could gain access to your organisation, evaluates the effectiveness of your defences and assesses the damage that could potentially be done once inside, typically without being detected.
Testing is goal-based, and objectives are typically linked to your business-critical assets, such as intellectual property or sensitive data, where access by a malicious threat would be highly impactful to your organisation. Red teaming looks beyond the security of an individual application or specific network infrastructure and takes a deeper approach than other types of testing, not just uncovering vulnerabilities but showing how these could be exploited and chained together to achieve the set goal.
We work with organisations of all sizes, whether you require a company-wide assessment or a more focussed assumed compromise approach. Whatever your needs, our red team service can be tailored to suit your goals and budget, providing you with the robust information security assurances you require.
Our red teaming can help:
Approaches to red teaming
Red team engagements are tailored to your needs and will look to provide maximum benefit to your organisation in the allocated time. One way we can tailor our red team engagements is through our approach:
Not sure what approach is best for you?
Our team will be happy to discuss your individual requirements and provide a no-obligation proposal based on your needs.
The common threats we simulate
We will work with you to understand the most likely real-world threats to your organisation and simulate these faithfully. These often include:
Could an attacker really gain access?
The following case study shows, step by step, how our consultants were able to go from a web app vulnerability to domain-level access during a red team engagement.
Our red team process
Our red team process will be unique to your organisation, security posture, digital estate and the goals set. Broadly speaking, each assessment will go through the following stages:
Your dedicated account manager (AM) will work with you to understand your business, the scope of the engagement & your desired goals. The AM will then work with the assigned Pentest consultants & your stakeholders to ensure testing meets your exact needs.
A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultants’ expertise. This proposal will outline our recommended test approach & the time required to conduct the test.
Our consultants will communicate with you throughout the test, in line with your set requirements, and will follow several stages in order to achieve their goal. This can include reconnaissance, vulnerability identification, exploitation, post-exploitation, manoeuvring and escalation.
A comprehensive, quality assured report of our findings will be delivered following the test. Our reports can be tailored to your needs, providing you with a timeline of activities that took place during the test, an in-depth review of our findings and our detailed remediation advice.
5. Post-test support
Our job doesn’t finish on the delivery of a report. Your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.
6. Evidence of testing
Many of our clients need to supply evidence of testing for security assurance purposes. We can supply additional documentation which will provide these assurances to your internal and/or external stakeholders.
Why choose Pentest?
Our comprehensive test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.