Red Team Assessment

A red team assessment is a full-scope, multi-layered attack simulation designed to measure how well an organisation’s employees, networks, applications and physical security controls can withstand an attack from real-life adversaries.

Red team assessments differ from penetration tests in the following key areas:

  • Goal oriented – (can we get access to your crown jewels)
  • Performed in real time and below the radar
  • The internal security team (blue team) are not made aware of the test

A red team assessment will take advantage of vulnerabilities in any of the following areas:

  • Technology – infrastructure, applications, routers, switches, appliances etc.
  • People – staff, independent contractors, departments, business partners etc.
  • Physical – offices, warehouses, substations, data centres, buildings, etc.

During a red team engagement, highly trained security consultants enact attack scenarios to reveal potential physical, hardware, software and human vulnerabilities. Red team engagements also identify opportunities for malicious threat actors to compromise company systems and networks.

Red team assessments will provide you with a very good understanding of your defences and how they would cope in a real targeted attack against your organisation.

Red team assessments could be a natural progression following several iterations of penetration testing, a useful exercise following a business acquisition or the answer to the question of how secure your mission critical data really is.

Red team assessments are penetration tests performed against your entire attack surface and from any vantage point agreed with you prior to testing.

They are an in-depth approach to testing and provide an accurate representation of your security posture to real world attacks.

They are not confined by a contrived scope but still adhere to well-defined rules of engagement and methodologies.

Red team assessments are usually performed from a wholly unauthenticated perspective.

Better results are obtained when your security systems (IPS/WAF) remain active for the duration of the assessment.