Red Team
Test your cyber security defence effectiveness through a harmless, goal-oriented, advanced cyber attack exercise
Cyberfort Red Team services enable organisations to assess their cyber security defences. Whether working blind and probing networks, systems and users externally, or attacking to achieve a goal with a degree of access, our red teamers replicate real attacks, working with customers to validate defences and identify gaps for remediation. With expert attackers and advanced tooling, Cyberfort tests a customer’s cyber readiness in a simulated real-world scenario. This helps to determine how well an organisation’s people, processes and technologies could resist a cyber attack against a set of specific objectives. Our red team also works collaboratively with your blue team or SOC provider, mapping techniques to detections and creating faster, more effective real-world defences.
By undertaking Red Team exercises with Cyberfort, organisations can identify and address gaps in their defences, evaluate security investments today vs what is needed for the future, test threat detection and response capabilities, prepare for unknown security risks and put in place a proactive offensive cyber security strategy.
Key Challenges
Data, systems and infrastructure are under threat, with attackers’ tactics becoming more sophisticated and complex. While penetration testing tests systems and point devices for explicitly exploitable events, Red Team exercises offer the expertise, techniques and experience to acquire a goal, whether this is privileged access, a specific piece of data or access to key environments or systems.
Cyber attackers are individuals or groups that are out to achieve a goal. While standard tools and techniques are often utilised, advanced attackers are patient, quiet and goal-oriented – just like our red team.
Simulated real-world attacks through Red Team exercises need to take place so that an organisation understands how it would detect, investigate and respond to all levels of a cyber attack with an acquisition goal, and has tested the robustness of its cyber defences.
How Cyberfort can help
Cyberfort Red Teams are offensive security professionals who test an organisation’s security by leveraging the tools and techniques used by real-world attackers.
We agree acquisition goals for each customer individually, and then set out to acquire them without noise or broad detectable events. Following a Red Team exercise we work with organisations to review where gaps may exist, prioritising and enabling both tactical and strategic remediations.
How Cyberfort helps
Defining and understanding your most important cyber security objectives
Many Red Team exercises focus only on what the IT team has in view. To be successful, Cyberfort reviews the security goals across the organisation, including taking viewpoints from the CEO, CFO and Data Protection teams. From this we build and agree acquisition goals to make sure the Red Team exercise addresses both technical and business goals in its assessment.
What to focus on in terms of external threats with a Red Team exercise
Cyberfort Red Team exercises focus on both external threat detection and other ways outsiders may be accessing information. For example, are potential attackers using employees to help them access data, networks and infrastructure and then deploying attacks? Our Red Team exercises take a holistic view of the external posture (including OSINT/TI and other sources) and where attackers could breach it.
Leveraging the full attack surface with red team exercises
Successful Red Team exercises include understanding and appropriately leveraging the full potential attack surface, not just what is already known. At Cyberfort we use our knowledge of the changing cyber security landscape to plan and execute a quiet, acquisition-focussed attack using techniques such as kiosk logins to generate legitimate-looking traffic, providing your organisation with outputs and data that replicate (and indicate your response to) a real attack.
Internal threats are probably your biggest cyber security risk
The most common security threats usually come from internal employees and their lack of knowledge, poor surrounding controls or processes. As part of our red team, we can carry out simulated social engineering and phishing attacks to allow our red team to achieve their goals. Following the exercise, many of our customers use this “real world war story” to educate the wider organisation to mitigate future similar attacks.
Our Expertise
Cyberfort’s expertise in red team exercises combines threat intelligence, OSINT, social engineering and penetration testing with hardware, cloud, system, physical and network knowledge. Our red team brings together all of these skills and more to achieve their agreed goals as if they were a real (although harmless) attacker.
Whether attaching to security software on an endpoint to gain privileged access, running commands between scheduled network collection to avoid NDR tooling, running Kiosk logins to make it appear that it’s a legitimate user login (because it is), or any of a myriad of other techniques, we plan and execute to achieve the agreed goals.
The difference from a real attack? Well, of course there will be no impact, but instead of having to recover from an attack, the different teams which could have potentially been impacted will be able to gain valuable knowledge from our experts, learning the techniques, defences and mitigations so your organisation’s defences can be evidenced as robust.