protecting your organisation’s critical assets, data & sensitive information
Red teaming is a scenario led engagement which simulates real-world cyber threats or which is made to challenge your blue-team in the most complete, exhaustive and accurate manner.
Unlike penetration testing, red teaming is goal based and our consultants will utilise any route possible, within the set scope, to gain access to a privilege level or set of resources that could be highly impactful to your organisation.
These type of assessments would be useful for any organisation wishing to test their robustness in the face of cyber-threats and for those that have critical business assets they wish to protect. Engagements typically range from 10 – 100 days and are tailored to your requirements, however a time-limited approach can be employed when required.
the benefits of red teaming
what we test
Our consultants will look to gather information from multiple sources, utilise various techniques and attempt numerous routes in order to achieve their goal. The routes we use are dependent on the scope set, but can include a combination of:
Your digital estate is often bigger than you think. Every connected device, website, application & server provides a potential way in. Our consultants will look to understand your estate, probing and testing to exploit potential opportunities.
Staff can be your strongest line of defence, but they can also be your weakest link. Our consultants can use a variety of methods, such as social engineering and open source intelligence (OSINT), to obtain credentials and gain access to your network.
Our team are experienced in conducting physical red team operations and, if instructed, will look to manipulate their way into premises. Once inside they will attempt to gain access to sensitive areas, or confidential information unchallenged.
Once inside your network, our security consultants will look to expose any poor security processes and controls. This could include poor internal password management, ineffective privilege access levels and a potential lack of incident response.
Our approach will be unique to your organisation, its security posture, the digital estate and the goals set. Broadly speaking, each assessment will go through the following stages:
We will work with you to ensure goals are defined, communication requirements set, and everything is in place before we start the test.
Our testing can go through the following stages: OSINT & reconnaissance, vulnerability discovery, exploitation including social engineering, post-exploitation & persistence.
3. ongoing communication
We will communicate with you throughout the engagement, to your set requirements, updating you on progress and discussing potential future actions.
A full test report will be delivered at the end of the assessment, providing an in-depth review of findings & a timeline of activity that took place.
5. post-test support
We provide access to our consultants after the report has been delivered, allowing you to address specific concerns and to provide remediation advice.
We offer an optional period of retesting to allow you to verify issues have been mitigated successfully.
Red teaming - a Pentest case study
Could our consultants, and therefore malicious threat actors, really gain access to your organisation’s critical information?
The following case study shows, step by step, how we were able to go from web app vulnerability to domain level access during a recent red team engagement.
why choose us
We’re more than just a test provider, we’re here to support you and your ongoing information security improvements. It’s this support that truly sets us apart and can be seen at every stage of our red team process, from our scoping, which aims to fully understand your individual requirements, right through to post-test access to consultants.
Want to find out more about our red team services? Our team are on hand to provide you with the information and support you need. Just fill out the form below and one of our team will be in touch shortly.