Why use a Red Team?

There are many good reasons why the use of a Red Team is a good idea. One of the reasons I often find to be the most obvious is prepareness.
A lot of organizations have plans and procedures in place for when a crisis occurs. However, more often than not, these plans sit on a safe or on a computer somewhere and never get reviewed as time passes and, worse, they never get tested. A Red Team exercise can force an organization to test these plans, to see whether they are prepared. Whether their quick reaction teams, their plans, the people in charge and the combination of all this actually works. Red Teams are a reality check. They force you to deal with a real world crisis and see if you are ready for this.

Another good reason is to really see how deep an adversary can go to harm the organization, to steal the intellectual property, or gather intelligence, to infiltrate the building and start working the people.
You think your firewall is set so tight that no one can penetrate your innermost network. But, how about that developer that installed an unsactioned web server, a shadow IT server temporarily for a project and forgot to disable it after that? How about the loading dock behind the building, where trucks come and go 24/7 and no credentials are ever checked? What about the CEO's assistante, is she a helpful and trusting person? On the phone?

Red Teams are the adversary you want to have: one that challenges your security, your plans and your people, but that at the end of the day delivers a way to better understant what's needed.

Digital Recon

Quote of the day