High-grade firewalls, intrusion detection systems and other security appliances are just part of the security onion approach, but what about the human aspect of security? Our red team assessment ensures that we cover other areas of security, such as publicly available wireless access points, social engineering attacks, physical security and targeted attacks.
What is Red Teaming?
In military jargon, the term Red Team is traditionally used to identify highly skilled and organized groups acting as fictitious rivals and/or enemies.
The same in Information Security, a red team is a group of highly skilled white-hat hacker assessing the security of a company. Red Team Assessment and Penetration Testing shares the same goal to gain sensitive information such as PII, credit card numbers and company trade secrets, the only difference from penetration testing is that a company requiring red team assessment should have a very mature security program. The red team will pose as a real scenario persistent threat where they launch a well mixed of attacks such as but not limited to physical access, social engineering, phishing and publicly exposed computer systems and wireless access points. The red team will do everything to achieve the goal.
Red Team Approach
VAPT coupled with the following:
Physical Testing - Understand the true strength and effectiveness of physical security controls in data centers, offices, substations, critical infrastructure and more.
Phishing Attacks - This test targets company users, aiming to gain login credentials, financial information (such as credit cards or bank accounts), company data, and anything that could potentially be of value.
Social Engineering - the use of deception to manipulate the clients individuals into divulging confidential or personal information that may be used to successfully compromise the target.