As attackers become more sophisticated, it is important that organisations assess their capability to resist and respond to cyber-attacks based on an understanding of the key threats they face.
A red team exercise goes further than just identifying gaps in your security practices and controls to prevent an attack; it can also provide valuable insights about your organisation’s capability to identify attacks in progress and remove them from the environment.
What is red teaming?
A red team attack plan is informed by your organisation’s operations, based on surveillance and research, as well as knowledge of the tactics, techniques and procedures (TTP) used by real hackers. It provides a holistic and real-world view of what can happen if someone ties the individual risks together into a single coherent cyber-attack.
Our red team assessment methodology
During a red team operation, Context can target the full range of an organisation’s digital defences, using everything from custom-developed malware to social engineering.
With significant experience in social engineering, malware reverse engineering and targeted attack analysis, we can deliver a variety of attack types based on real-world threat scenarios and the knowledge of our threat intelligence experts. Each engagement is fully customised to the client and tailored to the attacks they are likely to face. This also includes smaller scenario-based tests for our clients, which look at testing specific issues.
After a red team engagement, Context will deliver a detailed report showing the attack paths identified during the assessment, the activities undertaken and the ease of exploitation. We will provide mitigation advice where vulnerabilities have been identified and can also provide in-depth post-testing support if required to assist you in developing a more robust cyber security strategy.
Benefits of red team testing include:
- Identify vulnerabilities in applications and systems
- Discover weaknesses in your development and testing processes
- Better training for defensive practitioners, for example your SOC or blue team
- Assess security performance levels, including systems, people and processes
- Understand the impact of a security breach
- Measure the resilience of your organisation’s cyber defence
- Collect evidence to justify security spending
What is the difference between Penetration Testing and Red Teaming?
A red team exercise tests an organisation’s entire security defence. It provides a more in-depth view of border protection, employee awareness and how well processes and procedures cope when faced with a real-life attack scenario.
Penetration testing focuses on identifying as many technical vulnerabilities as possible in a pre-defined IT system that could leave your organisation open to an attack. The important thing to note is that this is usually done in isolation, avoiding other out-of-scope systems, and therefore doesn’t necessarily provide a holistic view on what could be a much larger risk to the organisation.
Red Team / Blue Team / Purple Team
We can also carry out blue team or purple team exercises where we work alongside your organisation's response capability (SOC or blue team) to test what they can detect and how they respond. We recommend this approach, because the better SOCs can understand what we have done, the better they can defend against it in future.
Context is certified to carry out CBEST, CREST STAR and GBEST engagements:
CBEST Scheme – The Bank of England’s CBEST scheme is a framework to deliver controlled, bespoke and intelligence-led cyber security tests for financial institutions. These tests are designed to replicate the behaviours of threat actors that have been identified as posing a genuine threat to financial institutions. Context is experienced at performing CBEST engagements, having completed 12 out of the first round of 36 CBEST engagements.
CREST Simulated Target Attack and Response (STAR) – Context is qualified to provide STAR assessments which take threat intelligence information to deliver highly targeted attacks against an organisation to simulate sophisticated threat actors. We have been performing STAR assessment engagements for global clients for many years; we use real-world data about attackers collected through our experience in the field, enabling us to perform focused and realistic exercises.
GBEST Scheme – GBEST is a scheme based on the CBEST model and is being rolled out across UK Government Departments. The scheme aims to be very similar to CBEST but with some minor differences; for example, a GBEST assessment is expected to take slightly longer than an average CBEST (visit CREST for more info). Context has significant experience working with UK Government Departments and is able to offer threat intelligence and/or penetration testing services as part of a GBEST exercise.