Triskele Labs Blog

A red team: its basic objectives and functions

Written by Nick Morgan | Jul 8, 2020 2:34:00 PM

In our previous blog post, we covered penetration testing and its many benefits to organisations, helping them identify system vulnerabilities before a malicious attacker does. We also went over the different types of penetration testing in broad strokes. However, we didn’t look closely at the gold standard of penetration tests: engagements that make use of cybersecurity experts known as a red team.

WHAT IS A RED TEAM?

A red team is either an internal or external group that takes up an adversarial role in analysing and infiltrating an organisation’s networks, systems, and applications. The adversarial role is critical to red teaming, as it ensures that errors or misjudgments in thinking are minimised. For instance, groupthink and confirmation bias can hinder an internal security team’s ability to assess situations from multiple angles, leaving weaknesses open for exploitation.

You should also know that these groups can be used outside the security landscape as well, even in business. For example, a marketing team can have one person as the designated devil’s advocate during meetings, forcing the other members to actively look at opposing points of view, even if some of those points are trivial.

COMPARISONS WITH PENETRATION TESTING

More often than not, the terms “red team” and “penetration test” are used interchangeably. At a cursory glance, this usage may seem completely fine, but a closer look reveals several differences between the two.

Red Team
- The testing has a longer time duration.
- The group is encouraged to look at any and all means to breach a security system.
- Employees are not aware that an attack is going to take place.
- The group looks to identify both known and unknown vulnerabilities.
- The target area is fluid, dynamic, and wide-ranging if required.
- The systems are tested concurrently.

Penetration Testing Team
- The testing has a shorter time duration.
- The group tends to utilise commercially available tools to breach a security system.
- Employees may be aware that an attack is going to take place.
- The group looks to exploit mostly known vulnerabilities.
- The target area might be narrowly defined.
- The systems are tested independently.

One of the more critical points to note from the above comparison is that a red team approaches its task in a more novel, aggressive, and unpredictable manner, allowing an organisation to find vulnerabilities that a typical penetration test might never discover. This is mainly due to the “anything goes” approach that is employed.

THE FUNCTIONS OF A RED TEAM

Typically, the security experts will look to identify potential flaws under three categories.

• Technology
• People
• Physical locations

Much like a penetration test, it all starts with reconnaissance, as the cybersecurity experts employ a variety of methods to analyse the three categories above. For example, open source intelligence tools can be used to observe an organisation’s technology, people, and physical office locations. Afterwards, the experts craft the attack tooling needed to infiltrate your defences, including social engineering methods that involve fake personas, fake companies, and face-to-face interactions.

The next step is gaining access and maintaining it, using the tools and mechanisms developed during reconnaissance. The red team then demonstrates how an actual criminal could extract sensitive data and cripple the organisation’s operations.

But it doesn’t end there. The goal isn’t to simply find the faults in your defences and report them. The cybersecurity experts will look to offer remediation guidelines as well, whether that involves patching up your systems and networks or offering training workshops to employees.

THE IMPORTANCE TO ANY ORGANISATION

Most of the time, it’s larger corporations that employ a red team to find those last few weaknesses that a penetration test might have missed. They have the resources to invest in a stealthier analysis of their defences, getting as close to immunity as they possibly can.

Smaller organisations might deem themselves irrelevant or unimportant when it comes to a cyber attack, but that’s precisely the kind of mindset that a criminal desires. They want to pick the low-hanging fruit, and that includes smaller firms that don’t invest in cybersecurity. The simple fact is that no person or entity is exempt from digital threats these days.

At Triskele Labs, our customisable red teaming service can accommodate the budget constraints of organisations, so this critical assessment isn’t one you have to skip.
