Adversary testing simulates an attack, testing your team’s capacity to detect, respond to an attack and to learn and improve.
Red Teaming comes in many flavours but relies on the fundamental premise: the replication/simulation of tactics, techniques, and procedures (TTPs) performed by known threat actors.
A Tesserent Red Teaming Engagement is a complex, comprehensive and multi-layered attack simulation on an organisation.
A Red team uses a custom set of tactics, techniques and procedures (TTPs) to assess your organisation's cyber resiliency against real-world adversaries. The Red Team assessment starts with the alignment/definition of objectives/goals and rules of the engagement, then defines the test plan and finally execution of the plan.
By mimicking a real cyber-attack, the output of your Tesserent Red Team engagement will provide your organisation with a detailed snapshot of the current level of your cyber resilience, covering your people, processes, and your technology. The report will guide you on how to prioritise improvements to your detection and response capabilities helping your company stay ahead of the adversaries.
Red Team exercises focus on all the vectors that real adversaries would. To simulate a real-world scenario, only key stakeholders are made aware of the exercise.
A Purple Team uses intelligence gathered on threat actors to build a test plan to replicate the tactics, techniques and procedures (TTPs) that are most likely trying to breach your organisation's cybersecurity posture, usually targeting people, processes and technology but not limited to it.
Purple Team engagements merge the Red Team and Blue Team to simulate TTPs from known threat actors to implement or improve your organisation's cybersecurity posture. Usually, when doing a Purple Team exercise, the parts involved in the simulation select the threat actor based on information provided by Threat Intelligence teams. This is intended to tailor the defensive teams regarding threats targeting your organisation's industry and other demographics.
As an outcome, a Purple Team engagement is the best tool to check the detection and response in place, as well as to identify blind spots and solve them at execution/testing time.
Testing your response plan and your crisis management skills is a vital step in ensuring a successful response to an incident. A Gold Teaming exercise provides a safe environment to test your policies, plans and procedures and hone your response skills before they’re needed.
We’ll collaborate with your team to develop a credible scenario that will involve, not just your IT team, but all facets of the business typically involved in a crisis response.
A tabletop exercise / Gold Team engagement is a discussion-based exercise that is aimed at testing and validating the current incident response plan and playbooks of an organization. A facilitator will drive the discussion by presenting a scenario and various injections based on the scenario created. The scenario is typically customized according to the target organisation’s technology stack and is based on the most current threat intelligence.
The following parts of the business are recommended to be involved in a Gold Team engagement:
Potential scenarios include testing your response to a:
At the end of a Tesserent Gold Teaming engagement, you’ll know what your next steps are for improving your Incident Response readiness.
Tesserent External Attack Surface Assessment will assist your organisation to uncover exposed and forgotten assets.
Our methodology is designed to simulate what a real threat actor would focus on and will utilise similar tactics, techniques and procedures (TTPs) as a Red Team would do.
At the end of the engagement, you will receive a report that will outline your organisation’s attack surface.
What is the difference between Red Teaming and Penetration Testing?
Where a standard penetration test focuses on a single environment or system i.e. what’s in scope as identified by the organisation, a Red Team aims to be widespread i.e. everything identified by the Red Team (except anything flagged for exclusion by the organisation).
A Red Team simulates, within the bounds of their engagement, an Advanced Persistent Threat (APT). They often take far longer to plan and to execute than a tightly defined Penetration test.
A Red Team exercise challenges the full spectrum of your security operations. It provides a risk-managed approach to the organisation’s attack surface. In addition, the Red Team targets the human elements within a company, often neglected by annual security testing.
How do I know if my organisation is ready for a Red Team engagement?
A good candidate for Red Teaming is typically a larger organisation with a relatively advanced Security operation – providing a baseline to work from. You have most likely conducted traditional internal and external penetration testing and have an understanding of your weak areas. A Red Team engagement will help assess the security measures you already have in place.
What are the key steps in a typical Red Team Engagement?
We start by working with you on a detailed requirements gathering phase where key stakeholders and the Red Team reach a mutual agreement over the key concerns within the business. A standard Tesserent Red Team campaign consists of:
What’s the difference between Red Teams, Blue Teams, Purple Teams and Gold Teams?
The “red team” is your attacking team. They are mimicking a potential real-life scenario and using the stealthy techniques a real adversary would use, trying to assess your organisation's cyber resiliency. A red team engagement takes planning and time – exactly as a real hacker would.
The “blue team” is your security team. They are being tested (usually without prior knowledge of the simulated attack), on their capacity to detect and respond to a situation.
In a “purple team” engagements Red Team and Blue Teams collaborate to plan and simulate tactics, techniques and procedures from known threat actors. The aim is to implement or improve your organisation's cybersecurity posture, usually targeting people, processes and technology but not limited to it. Gaps can be identified and closed in real-time.
“Gold team” exercises test your crisis management team – across the organisation, not just IT. It might also involve Legal, PR and other business divisions. It is a tabletop exercise designed to test crisis management policies and procedures and how well the crisis team communicates and executes.
Speak with a Tesserent Adversary Services consultant today to help determine the right service for your organisation.
Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.