“Red Teaming is the process of viewing a problem from an adversary or competitor’s perspective”
Red Teaming, traditionally used by the military, is now increasingly employed by governments, media, and a range of commercial organizations in order to identify and reduce enterprise risk and protect business opportunity. Simulating the mindset and behavior of an attacker, a Red Team challenges assumptions and recognizes vulnerabilities from an outsider’s perspective in order to make an organization more effective and secure.
A Red Team security assessment tests the digital, physical and workforce elements of an organization’s security, applying simulated real targeting under controlled conditions. In the context of IT security, Red Teaming is an authorized, adversary-based security assessment for defensive purposes.
Red Teaming takes a holistic, big-picture view of a target, unlike traditional security testing and vulnerability analysis, which examine individual components of the security model (technology, policies, and procedures) in isolation.
The objective of an assessment is to identify likely risks to the organization (such as financial loss, loss of market advantage, or corporate reputation damage) from varying threat actors (such as competitors, state-sponsored or criminal organizations) by identifying an organization’s vulnerabilities, specifically relating to information security, security policy and procedures, and the security awareness of the workforce.
In a Red Team assessment, security specialists play the role of an adversary in order to simulate realistic attack scenarios that may occur across varying elements of the business. Specialists seek to identify and exploit possible vulnerabilities in a coordinated, interconnected approach that is representative of genuine attacker behavior. This results in a better understanding of possible adversaries for organizations and an improvement in countermeasures for future threats.
By simulating real attackers in a realistic environment, Red Teaming provides unique value because identified risks are not just theoretical – they have been demonstrated in action. To do this, Red Teaming considers three key aspects of security that are the primary attack vectors used by real-world attacks to target governments and organizations: technical, physical and people.
A Red Team assessment commences with a detailed threat context analysis, personalized to the business, to identify real-world attackers (e.g. state-sponsored, competitors, criminal or politically motivated actors), their motivation, their skills and likely avenues of attack. This is followed by in-depth reconnaissance and research into the target organization to identify potential weaknesses in networks, physical premises, and the workforce. The results of this analysis are used to devise and simulate realistic attack scenarios.
Overwatch Offensive Training will provide participants with the skill sets to undertake threat analysis and develop red team assessments and strategies. The training comprises the following modules:
Reconnaissance 1 - Social
Reconnaissance 2 - Digital
Reconnaissance 3 - Physical
Training is practical wherever possible and usually takes place on-site at the training premises, with some training conducted off-site ‘on the ground’. The training culminates in a practical simulation exercise that integrates the analysis, reconnaissance and planning phases of Red Teaming and applies them in action against a fictitious company. This simulation exercise provides participants with the opportunity to apply their knowledge and understanding in a way that is practical and relevant, while also demonstrating the mindset of a Red Team assessor.