Red Teaming
A Red Team assessment or Red Teaming is an attack simulation exercise designed to mimic the techniques, tactics and procedures (TTPs) of the advanced persistent threats (APTs) that most organizations have to deal with in cyberspace. With the help of SEC Consult’s Red Teams you will get a clear picture of your current security status concerning those threats and therefore be able to prepare your organization better against real attacks.
How to Withstand Attacks
Experience and Know-how
The speed and extent of digitalization have led to a wide range of ever-changing and developing threats in cyberspace. SEC Consult offers an experienced and versatile team which has performed many successful Red Team assessments in big and complex environments. We have the specialists, the experience and the tools to execute these audits in the most effective way.
Easy Integration
We follow well-known security frameworks and methodologies (like MITRE ATT&CK). The Red Teaming methods are well documented in all different phases of the assessment; hence they can be easily integrated with the detection tools or processes you are using. So, the Blue Team, i.e. your staff trying to defend your systems during the assessment, can best evaluate and benefit from the resulting actions.
Flexibility
SEC Consult’s Red Teams are flexible and dynamic. We constantly adapt tools, tactics and procedures during the assessment to the capabilities of your organization so you can benefit from the audit most effectively. In other words, let us challenge your strongest Blue Team.
Great Variety of Approaches
SEC Consult provides an array of different Red Teaming variations to cover all customer needs and different potential attack scenarios. We also offer Red Teaming as a Continuous Service by simulating an attack where all the activities are carried out over a long period of time to benefit from the newest TTPs that might appear. Our specialists will give you a detailed overview of all activities and identified vulnerabilities as well as specific recommendations on how to improve your cyber resilience.
SEC Consult Red Teams help you to…
- prepare for an emergency
- protect critical data
- optimize processes
- reduce risks
Improving Security Defence Strategy and Resilience
Successful attackers combine different tools and use a variety of techniques to perform efficient and highly professional assaults. By using the same methods, SEC Consult Red Teaming allows you to assess your current security defence strategy and resilience in a realistic way.
- Technology: applications, networks, appliances, etc.
- People: staff, support, external contractors, third parties, etc.
- Physical: offices, data centers, properties, etc.
- Processes: defence controls, incident response, remediation flows, etc.
- Training the Blue Team in an adaptive manner.
Usually the staff building a Blue Team are concerned about the judgment of their work and keep a defensive position in regard to the assessment. We have a constructive approach and dynamically adapt our TTPs to their capabilities. By gradually increasing the complexity of the attacks to optimize the learning curve of the Blue Team, our Red Team helps to enhance the general security level of your organization.
- Providing a snapshot of the security level of your organization.
Big enterprises invest a lot of money in staff/security solutions and appliances that are usually not tested in real-world situations. Our Red Team assessments help them to gain a realistic view of the current security state and make sure that they are on track with their Return on Investment (RoI).
- Understanding the severity of a breach and the potential business impact that it could have.
SEC Consult Red Team assessments highlight the high impact of a real attack. So, the management board of your organization will understand the importance of an appropriately endowed security budget to fix the issues spotted during the test and improve the global security level of your company.
- Verifying that all the necessary defensive processes are in place.
Attacks are inevitable, but implementing effective (and tested) strategies makes the difference between a regular assault and a complete disaster in business terms. The attack scenario only represents the beginning of the Red Teaming process; subsequent steps may involve testing how effective the Incident Response strategies are.
- Increasing the security level of an organization in any way possible.
During the assessments our Red Teams usually spot many different issues that sometimes are “invisible” for your company due to different reasons.
All Red Teaming projects and services follow rules previously agreed upon between your company and SEC Consult. Experts with different specialty areas implement these attack simulation scenarios in a thoroughly structured, safe and smart way. The SEC Consult Red Team has the full clout of an international team of experts at their disposal – which inevitably leads to impressive results.
The SEC Consult Red Team challenges the Blue Teams to respond to cybersecurity incidents, identifies vulnerabilities in their cyber defence strategy, and evaluates them. To do so, SEC Consult’s experts mimic the behavior of real cybercriminals and use a variety of possible attack patterns and attack vectors: from collecting open source intelligence (OSINT) to social engineering, (spear-)phishing with customized malware, to physical infiltration and compromise of the organization.
- Planning: In close coordination with you, SEC Consult’s Red Team defines the basics of the assessment (objective, scope, timeframe, communication, etc.).
- Reconnaissance: We gather information about your company, infrastructure, staff, etc.
- Weaponization: Based on the information obtained, we make a plan, target some objectives and generate the malicious payloads that will infect/exploit the targets.
- Delivery: Our Red Team will use the necessary (legal) methods to execute the malicious payloads/exploits within the environment. In this phase we often use social engineering.
- Command and Control: We establish a reliable communication with the attack infrastructure. Our Red Team will act dynamically and with stealth to be able to counteract the detection or block methods of the Blue Team.
- Lateral Movement: Having established the first foothold, the attack will be expanded through other layers of your organization – as far as possible but always in the direction of the agreed objectives.
- Escalating Privileges & Persistence: Privilege escalation on the systems is usually required to accomplish the objectives. Persistence is also necessary to avoid repeating the initial phases.
- Completing the mission: Our Red Teams accomplish the mission by exfiltrating data or performing the necessary actions agreed in the planning phase.
- Documentation and post-mortem: SEC Consult’s Red Team experts report all the methods they used in each phase, also documenting a clear timeline. This allows the Blue Team to investigate the incidents from its perspective. It is very useful to reserve some time for this phase: In some cases, it will be necessary to clarify multiple concepts or repeat interesting cases with the Blue Team.
- The MITRE ATT&CK Framework is used for threat modelling for most of our customers. This way, the actions of our Red Team can easily be identified by your Blue Team and the manager responsible for the IT of your company during the assessment.
- The Red Team: Our Red Team also uses the “Adversarial Attack Simulation Exercise Guidelines for the Financial Industry in Singapore”. This set of cybersecurity assessment guidelines provides financial institutions with best practices and guidance on planning and conducting Red Teaming exercises to enhance their security testing.
- The TIBER-EU FRAMEWORK (the European Framework for Threat Intelligence-based Ethical Red Teaming) is used as it is the first Europe-wide framework for controlled and bespoke tests against cyberattacks in the financial market.
Depending on the variation, typically between 1 and 3 months, sometimes more, if necessary.
- Performing a Red Team assessment is the only way to avoid damages!
- Our experienced team will only execute the necessary attacks (i.e. take the shortest path to the objective) to avoid compromising assets unnecessarily or causing collateral damage.
- SEC Consult Red Teams comply with all laws, regulations, and policies.
- Our specialists act with common sense in sensitive environments based on every customer’s specific business.
- We use tested tools, tactics and procedures.
- Our experts only use encrypted communications in a safe/temporal environment; reports after the assessment are also encrypted.