Red Teaming is a full-scope, multi-layered attack simulation designed to measure how well a company’s people, networks, applications and physical security controls can withstand an attack from a real-life adversary.
A Red Team Assessment does not look for as many vulnerabilities as it can find, but for the vulnerabilities that let the team achieve its goals. To put red teaming in layman’s terms, it is a “simulated real life attack”: a way for independent security teams to test how well an organisation would fare in the face of a real attack.
The Red Team’s mission is to emulate the tactics, techniques, and procedures used by adversaries and real-life attackers. The goal is to provide real-world simulations and hard facts on how a company will respond, to fill gaps within its security program, to identify skill gaps among employees, and ultimately to improve its security posture.
Red Team engagements are not as methodical as penetration tests. Since we are simulating real-world events, every test can differ significantly. Some campaigns might focus on obtaining personally identifiable information (PII) or credit card information, while others might focus solely on the response time or detection rate of the targeted company.
A Red Team Assessment is similar to a penetration test in many ways but is more targeted. The goal of the Red Team Assessment is NOT to find as many vulnerabilities as possible, but to get in slowly and undetected in order to achieve the team’s goals.
The red team will try to get in and access sensitive information in any way possible, as quietly as possible. The Red Team Assessment emulates a malicious actor carrying out targeted attacks and looking to avoid detection, similar to an Advanced Persistent Threat (APT). Red Team Assessments are also normally longer in duration than Penetration Tests. A Penetration Test often takes place over 1-2 weeks, whereas a Red Team Assessment could run over 3-4 weeks or longer, and often involves multiple people and multiple attack vectors.