In Red Teaming, Securify uses all means necessary (software vulnerabilities, social engineering and more) in a coordinated attack oriented towards your organization's systems and infrastructure. We employ the tools that bad guys might leverage to compromise your digital assets!
Red Teaming is an adversarial attack simulation. Our experienced multidisciplinary team (Securify RED) will perform (digital) attacks on people, software, hardware, and facilities. By executing realistic attack scenarios, Securify RED will test your organization’s detection and response capabilities (the Blue Team). Any weaknesses identified during the engagement are shared with you to harden your defenses and perimeter, which makes your organization more resilient to attacks.
Red Teaming is similar to Penetration testing, but there are several significant differences. Notable examples are:
Securify RED will meticulously assess the environment it will attack in order to plot attack scenarios that are likely to gain the team access, while trying not to be noticed, of course. Such scenarios are limited only by a hacker's imagination, and when it comes to getting in, he will use all of his resourcefulness to that end!
Some examples of how we can get a foothold into your organization:
After the engagement we’ll discuss which targets were achieved, what was seen by your Blue Team and what was missed.
A Red Team engagement always starts with an intake. Together we define a set of targets (crown jewels) or attack scenarios. Boundaries are defined: what the Red Team is allowed to do and what it isn’t. We’ll discuss our approach: do you want us to be as stealthy as possible, or should we purposely try to trigger detection rules to train the Blue Team/incident response?
Based on the input from the intake, we’ll start gathering information about your organization. This can include searching open sources and social media, probing the external attack surface, investigating how the physical perimeters have been secured, and lastly working out how information may be crafted in such a way that specific attack scenarios are applicable to your organization.
After the information gathering we’ll execute the attack scenarios. Possible attack scenarios are Social Engineering, phishing, malware infection, Wi-Fi attacks, USB drops and many more.
The attacks can be performed fully black box or, depending on your needs, we can simulate a particular scenario. A common scenario is one where we simulate an attacker that has already gained access to your internal network. In this case you provide us with access (e.g. company laptop, access cards) and we’ll try to attack your network from the inside. The duration of this phase differs per engagement; it varies from 4-5 weeks to a couple of months. Some attacks have to be executed over a prolonged time period in order to stay under the radar and avoid detection.
After the engagement is finished, we’ll sit down with the Blue Team and compare our timelines. We’ll discuss which targets were achieved, what was seen by the Blue Team and what was missed. Together we can identify the weak spots of your organization and try to find measures (e.g. monitoring, incident response) that can be improved.
After the evaluation, additional measures will often be implemented. We can help with strengthening these measures by replaying some of the attacks executed during the Red Team action. This way you’ll get a feeling for how effective these measures are. Naturally, we’ll try variations of these attacks to see if these are detected or stopped.
Are you interested in finding out how Securify's Red Teaming service may help your organization increase its line of defence against bad guys?
During an intake (free of charge) we can discuss the way Red Teaming will best fit your requirements, goals and budget.