Red Team Assessment
Our Red Team assessment evaluates your cyber preventive controls and staff security awareness, and challenges your Blue Team’s detection and response processes. This assessment includes attacks from locations inside and outside of your organisation and targets your applications, infrastructure, people, processes and sensitive data.
This assessment aims to identify any weaknesses in your organisation that could be exploited in a cyber attack, and answer the following questions:
- What risks do threat actors pose to your business critical IT assets?
- Have your investments in cyber security preventive controls and security awareness training been effective?
- Are you able to detect a persistent and sustained threat and malicious activities within your network?
During a Red Team assessment, we will:
- Use Open Source Intelligence (OSINT) gathering techniques and threat actor & target profiling to devise credible attack scenarios, which will guide the rest of the activities in this assessment
- Attempt to compromise your cloud and externally facing infrastructure
- Deliver carefully crafted spear-phishing emails to compromise your staff, attempt to obtain sensitive information from users or encourage visiting a malicious site through voice and SMS communications
- Use a stolen laptop and/or wireless or wired network access that was obtained through a Black Team assessment to gain a foothold on your internal network, and move laterally in order to compromise the agreed upon critical applications and infrastructure
- Assess your organisation’s ability to prevent a sophisticated, planned and sustained cyber attack
The Red Team assessment is a part of our Full Spectrum Attack Simulation and is often combined with a Black Team assessment, as an attacker that has been successful in a physical attack will typically continue to attempt to compromise your organisation further with a series of cyber attacks – or vice versa.