Uniquely designed for each organization, a red team assessment consists of a full scope, multi-layered adversarial attack simulation created to measure how well an organization's staff, networks, applications, and physical security controls can withstand a real-life attack. After mapping specific attack vectors, operators emulate an attack as if they were a threat actor. Given that a red team assessment has a smaller scope than a penetration test, an organization can expect assessments to take much less time, but keep in mind this is dependent on each assessment. At the end of a red team assessment, an organization should be able to visualize the emulated attacks and understand how they affected the systems.
When Does a Red Team Assessment Make Sense?
Security budgets can be tight, so when does it make sense to conduct a red team assessment? A major factor is the security posture maturity of an organization. Randy Duprey, a seasoned offensive operator at NuHarbor, says, “It may not make sense for a less mature organization to start off with a red team assessment. It’s premature to pick one attack when you have an environment full of them.” Conducting penetration tests, identifying vulnerabilities, and starting to fix those vulnerabilities can improve an organization’s security. In turn, a red team assessment may become a more sensible option.
The frequency of these assessments is important as well, Randy advises. “For most organizations, a yearly assessment makes the most sense. However, organizations with a more mature security posture may be preparing for threats as they appear.” A recent example of this is the ransomware attacks on the healthcare industry. As a healthcare organization, if others in the industry are falling victim to these attacks, it’s only logical to prepare. Conducting a red team assessment can show how an organization will react to an attack, and what needs to change to be successful in defending against one.
What Makes Red Teaming Unique?
Red team assessments are commonly confused with other security assessments, such as penetration testing and vulnerability scanning. Randy explains what red teaming is. “When working with an organization, red teaming traditionally focuses on a narrower scope than penetration testing.” Red team assessments are created with a specific attack vector in mind, unlike penetration testing where the scope is much broader.
The approach for the assessments is vastly different as well. According to Randy, “The first question we ask an organization is, 'What specific attacks are you looking to have emulated?' A lot of the time they don’t know, so that’s where we start.”
Penetration testing is one method organizations use to answer this question, so that they can advance to a red team assessment. The outcomes of red team assessments are substantially different than the outcomes of penetration tests or vulnerability scans. The goal of a red team assessment is to show an organization what attacks may be used against them in the future, and test the procedures designed to mitigate them.
“At the end of the day," says Randy, "We want an organization to meet their goals with a red team assessment, but we also want them to have the ability to see and learn about some attacks they wouldn’t normally see.” Red team operators emulate threat actors to provide organizations with a realistic assessment of how they would react if an attack were to occur. A red team assessment is identical to an real attack, save that red team operators want your organization to improve.
Security Testing at NuHarbor
Whether you're just getting started or nearing the finish line, NuHarbor has the comprehensive cybersecurity services you need to prepare for future attacks. Our security testing team will prepare your organization with the tools and knowledge to defend against the constantly changing cyber threat environment.
Ready to learn more about security testing and talk to an expert like Randy? Contact NuHarbor today.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.