Organizations come in different sizes, but cyber-attacks happen at every scale of business. Whether your organization spans continents, exists only virtually, or is a single lemonade stand, there is a vulnerability waiting to be found. For a long time, penetration testing was the most comfortable way to move a picket-fence defense toward an advanced security model, but threat actors have moved to the next level. More sophisticated attacks, built on easily accessible tooling, mean higher risk for the systems being defended and a lower skill bar for the people attacking them. How do you start defending these systems the right way?
In walks Red Teaming
The terms "red team" and "blue team" first appeared in the early 1960s within the US Department of Defense (DoD), where decision-makers used them to describe the structured simulations that tested high-level strategies. The approach was first applied to battlefield tactical operations.
This color-coded framing was introduced into cyber security in 2017 by April C. Wright, whose Infosec color wheel assigns distinct roles to distinct colors and combines them into a single wheel. The wheel gives a clearer picture of where an organization stands, and where it should aim to be, in a traditional security maturity model.
Red Teaming
Red Teaming is an adversary emulation approach that differs from penetration testing. Both use similar techniques and methodologies, but their objectives are defined differently. Penetration testing focuses on finding a way to breach the perimeter within a short period of time; Red Teaming focuses mostly on the post-breach phase of an attack over a longer time frame.
- Emulates a real-world attack from the post-breach stage onward
- Only specific management has knowledge of the exercise
- Assesses the organization's ability to prevent, detect and respond to sophisticated and targeted threats
- Identifies the risk to, and susceptibility of, key business information assets
Penetration Testing
- Performs portions of a targeted attack
- IT teams and others can be informed
- Assesses the organization's security posture
The team consists of offensive security professionals who simulate a breach and attempt to reach high-value systems, uncover the avenues an advanced persistent threat could use, and test the organization's cyber defenses. They aim to operate stealthily, and they target the people who manage those systems as well as the systems themselves. In the simulation the team is often not given a scope; instead it is placed on a commonly used network within the organization and set loose. The work is organized into campaigns and tracked under that name: campaigns are narrowly focused activities within the red team operation, and many can be scoped during a single engagement.
While the Red Team is actively exploiting environments within the network, the Infosec color wheel also has a Blue Team. The Blue Team is responsible for the defensive measures that stop or identify Red Team actors and the exploits they use. This is not the full Digital Forensics and Incident Response (DFIR) process, but it encompasses part of it. Tools such as Security Information and Event Management (SIEM) platforms are highly effective for identifying and tracking security breaches, provided the right telemetry is collected and the correlation rules are tuned to the environment.
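As an added example of the kind of correlation a Blue Team would run in a SIEM to spot Red Team activity (this is not VikingCloud's code or a rule from any product), the following Python script flags password spraying: one source failing logons against many distinct accounts inside a short window, then succeeding against one of them. The log lines are constructed for this example, and the pipe-delimited `timestamp|event_id|account|source_ip` format is an assumption; the event IDs 4625 (failed logon) and 4624 (successful logon) are the real Windows Security log values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for this example (not real telemetry).
# Each line is timestamp|event_id|account|source_ip. Event IDs follow the
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
# 10.0.0.7 sprays six accounts and then logs on as "frank";
# 10.0.0.9 is a user mistyping a password twice, which must not alert.
SAMPLE_EVENTS = """\
2024-05-01T09:00:05|4625|alice|10.0.0.7
2024-05-01T09:00:09|4625|bob|10.0.0.7
2024-05-01T09:00:14|4625|carol|10.0.0.7
2024-05-01T09:00:20|4625|dave|10.0.0.7
2024-05-01T09:00:31|4625|erin|10.0.0.7
2024-05-01T09:00:44|4625|frank|10.0.0.7
2024-05-01T09:02:00|4624|frank|10.0.0.7
2024-05-01T09:03:10|4625|alice|10.0.0.9
2024-05-01T09:03:15|4625|alice|10.0.0.9
2024-05-01T09:03:30|4624|alice|10.0.0.9
""".splitlines()


def parse_event(line):
    """Split one pipe-delimited line (assumed format) into a dict with a datetime."""
    ts, event_id, account, src = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
            "account": account, "src": src}


def detect_password_spray(lines, window=timedelta(minutes=10), min_accounts=5):
    """Flag any source that fails logons against >= min_accounts distinct
    accounts inside a sliding time window, and list which of those accounts
    later logged on successfully from the same source (likely compromise)."""
    events = sorted((parse_event(line) for line in lines if line.strip()),
                    key=lambda e: e["ts"])
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            failures[e["src"]].append(e)

    alerts = []
    for src, fails in failures.items():
        best_accounts, best_span = set(), None
        start = 0
        for end, f in enumerate(fails):
            # Advance the window start until every event in it fits inside `window`.
            while f["ts"] - fails[start]["ts"] > window:
                start += 1
            accounts = {g["account"] for g in fails[start:end + 1]}
            if len(accounts) > len(best_accounts):
                best_accounts, best_span = accounts, (fails[start]["ts"], f["ts"])
        if len(best_accounts) >= min_accounts:
            first, last = best_span
            compromised = sorted({
                e["account"] for e in events
                if e["event_id"] == 4624 and e["src"] == src
                and e["ts"] >= first and e["account"] in best_accounts
            })
            alerts.append({
                "src": src,
                "accounts_targeted": sorted(best_accounts),
                "first_failure": first.isoformat(),
                "last_failure": last.isoformat(),
                "compromised_accounts": compromised,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_EVENTS):
        print(alert)
```

On the sample data only 10.0.0.7 alerts, with "frank" listed as compromised. Before deploying a rule like this, allow-list shared egress points (VPN concentrators, NAT gateways, proxies) or key on a per-client identifier instead of source IP, otherwise ordinary users behind one address will trip the threshold; the `window` and `min_accounts` values also need tuning to the environment's normal failure rate.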
Purple teams are operational leads representing both the blue and red teams. They assist either side with guidance and expertise, act as an unbiased coordinator between the two, and facilitate technical operations and campaigns.
Having a Red Team strategy or service can reveal how the technologies in a network or organization have been architected and configured, and highlight the risks or vulnerabilities they contain. Highly trained professionals or vendors often install, configure, deploy, manage and architect technology systems for businesses, but human error, intentional or not, can lead to serious impact and cyber threats.
The pivotal part of an offensive approach is to remain unbiased. Defensive tools can only protect technology where they have visibility into it, so digging deeper into the landscape creates more opportunities to harden both the attack surface and the defensive techniques. At VikingCloud, we create a journey that helps you uncover the gaps, encouraging a stronger security fabric.
Threat actors are persistent, but so are we. Contact the VikingCloud team to find out how we can help your organization uncover security gaps and improve its security posture.