Knowing your weaknesses by actively searching for them
From the Yahoo breach of 3 billion accounts, to the JP Morgan intrusion, to the recent Equifax attack, the frequency and scale of attacks is increasing, and there is no sign of stopping.
As you watch company after company essentially fall victims, and unable to deal properly with these crises, it is becoming evident that current security testing and methodology need to evolve.
Evolve into something that properly mimic the attackers. Evolve into something that properly test the organizations and companies in the same way a real attacker would.
This means attacking the three fronts - digital, physical and social - in a way that truly mimic a real adversary.
This last bit above is what we've been trying to inform the public about. This last bit above is real Red Teaming.
What is Red Teaming?
Red Teaming is the act of portraying an adversary in order to test the security posture of an organization or company. This means all three fronts. Red Teaming is not penetration test. Though penetration testing can be and often is a part of Red Teaming.
Red Teaming is executed by a trained, educated, and experienced team and can often provide more that just a view of the state of affairs of security. Red Teaming can be applied to everything, from plan analysis and exploration of alternatives, to testing of capabilities in the context of the operational environment, to the application of the adversarial mindset to policy making.
Why Red Teaming?
In today's world, it is critical to assume that a security incident can and will occur. It's not a matter of if, but a matter of when and how. Period. It is correct to assume that a compromise already happened.
Red Teaming must be a necessary component in any effective security strategy to face today’s realities and the modern adversary. A Red Team is a friendly force that plays the role of an advanced adversary to uncover those weaknesses before a real attacker does. Organizations and companies can better prepare for the impact of current and future threats by simulating real-world attacks and exercising Tactics, Techniques and Procedures (TTPs) that determined and persistent adversaries use during breaches, helping build resilience and test in advance their own TTPs: the information gained from Red Teaming helps to significantly strengthen defenses, improve response strategies, train defenders, and drive greater effectiveness of the entire security program.
Act, don't react
Security prevention strategies and technologies cannot guarantee safety from every attack. Given today’s threat landscape, like mentioned above, it is important to assume that a breach has either already occurred or that it’s only a matter of time until it will.
By planning for the worst-case scenarios, organizations can develop the necessary capabilities to detect penetration attempts and significantly improve responses associated with security breaches.
In other words: when the real attack happen, you will be ready and you will have the necessary muscle memory to confront the breach. Operating with this assumption will reshape detection and response strategies in a way that pushes the limits of any organization’s infrastructure, people, processes, and technologies: Resiliency
One of the biggest benefits of understanding your adversary is that it helps take much of the guesswork out of security solutions, controls and plans. As had been demonstrated and explained in previous posts in this blog, once an adversary has been researched and a real-life attacks performed against the organization, it is much easier to begin understanding all types of attacks and the different adversaries.
Again, understanding, prevention and action brings resiliency.
Understanding the adversary will help creating this resiliency. Real Red Teaming, and adapting the plan and response measures will ensure the survival of your business. Start thinking like an adversary, adopt the mindset of an open system that can adapt to the environment, and be ready for the next attack. It will happen.
Bringing in an advanced Red Team will jumpstart the process. Red Teams act like a real attacker, truly identifying where the controls break, providing a realistic view of how resilient an organization is.
Don't neglect to evaluate your controls in a realistic way.