Enterprises now handle so much information in such varied ways that safeguarding it has become a major security challenge. Threat actors continually target organizations knowing that if they breach their defenses, they’ll unlock a trove of data that can be leaked, sold, or held to ransom. Last year alone 165 million records were exposed in the US, demonstrating why businesses must know exactly where they are vulnerable. This has never been truer than now, with threat actors upping the ante and attack surfaces expanding amid COVID-19.
Introducing the red team
A red team provides value by executing a holistic, goal-focused assessment that tests an organization’s cyber resilience from an adversarial perspective. The idea is that if you want to thwart an attacker, you must first learn to think like one (a mindset we champion at Immersive Labs). The assessment shows how attackers can get a foothold using various exploits, while demonstrating that technology – regardless of how advanced – is never foolproof. It does not provide immediate results, however; instead, it showcases an organization’s exposure to different threats over the duration of the assessment.
The benefits of a red team assessment
After an assessment, a security team will have evidence that can be used to secure funding and improve areas of weakness, be that through a significant hire or the installation of new technology. This results in an improved security posture that in theory could save the organization millions. (The top three red team assessment findings, for the record, are poor credential handling, lack of network segregation, and lack of patching/unsupported software.)
Red teaming stages
Context (part of Accenture Security) says the phases of a red team assessment usually align to the Cyber Kill Chain; however, these are dynamic and will change based on the unique needs of the organization:
- Control and movement
- Actions on target
- Persistence and egress
What makes a successful red team?
There’s a reason quality outsourced red teams can charge $250 per hour over several weeks: they are technical, creative, and persistent. They are also trusted by those who matter, with two-thirds of businesses preferring red teams to blue teams (though one cannot exist without the other). Every red team includes different skillsets to maximize the group’s effectiveness, but certain human traits are non-negotiable:
Members of a red team must above all else be able to think outside the box. Breaking rules while following white hat techniques and demonstrating vulnerabilities takes original thinking. Whether it’s having the foresight to suggest new tools to better protect a company system or getting creative in a social engineering attempt, red teamers have to see the bigger picture. Conformists, they certainly are not.
Red teaming is extremely sensitive, and it’s therefore imperative that those behind each operation plan meticulously. Objectives and rules of engagement must be laid out prior to execution, and everyone must know their actions and time frames clearly. Red teamers must also be thorough about what they share and with whom, as information in the wrong hands can impact the realism of an operation, or, worse, land the company being tested in trouble. Because of this, non-disclosure agreements are essential.
Cooperation is important in a red team for several reasons. Mistakes can be limited, for example, by members keeping tabs on key phases of an operation where their involvement isn’t mandatory. Effective cooperation will also build chemistry within the team, which will translate to smoother processes and better outcomes. Peer mentoring can also help ensure that a red team stays within the rules of an operation.
In his book Red Teaming: Transform Your Business by Thinking Like the Enemy, Bryce G. Hoffman says, “The same traits that make [red teamers] effective analysts – a quick intellect, a skeptical perspective, and a questioning nature – can make them seem arrogant and aloof, particularly when they are right. That is why it is essential that every red team member guard against these traits and instead develop an attitude of cooperation and collegiality.”
How Immersive Labs elicits these cybersecurity traits
Immersive Labs builds awesome cyber talent by enabling users to tool up like hackers and stay ahead of the game. Our content is driven by the latest threat intelligence, and skills development aligns to emerging threats. To complete our capture-the-flag exercises, our users must learn to stand on their own two feet and think outside of the box; they won’t pass our Technical III labs without being thorough; and cooperation is the order of the day in our upcoming product Cyber Crisis Simulator.
If you would like to see our labs in action, head to Immersive Labs Lite today. Alternatively, to learn about a real-life application of red teaming, check out our recent webinar in coordination with Ultimate Windows Security – Anatomy of a Citrix Hack.