RedStrike red teaming is a service from the QCYBER portfolio of Advanced & Specialty Cybersecurity Solutions, offered for threat and risk assessment in your organization's environment, large or small. Custom-built around the threat profile for your business vertical, with local considerations, this service gives you a comprehensive view of the preparedness and resilience of the technologies, processes and people that make up your security response.
The services use adversary simulation tactics, techniques and procedures to exploit or attack systems, either simulated or under controlled circumstances. You may be carrying out regular VAPT testing or security audits, all of which give you visibility into the weaknesses in your systems but fall short of scenario-based testing. RedStrike assessments are drills that mimic real-life attacks, unannounced and unplanned, in the manner and style of an unknown malicious actor. The assessments are created to test the response preparedness of the InfoSec team, its coordination with IT and other functional groups, and the resilience of the organization's people, processes and technology to hold up, contain, recover and learn from attacks.
The QCYBER RedStrike team consists of highly professional (decorated) whitehat hackers with awesome experience and qualifications.
What is Red Teaming?
Red teaming is a real-life drill in which one team (the red team) launches a mock cyber-attack on an organization, which deploys its IT / IS / IR team (the blue team) to defend the infrastructure and work to repel and contain the attack as in a real situation.
Why Red Teaming when we are doing regular VAPT?
Simply because a VAPT will not provide the experience of a real-life attack or give the IT / IS / IR team members hands-on experience in response and containment. A VAPT will look for infrastructure vulnerabilities and test them, whereas Red Teaming also takes the opportunity to test the resilience of the technology and the people behind it.
Will a Red Teaming assessment affect my data and network?
No. Our design for each client is customized and conducted in a controlled environment. It is usually our endeavor to fully replicate your IT infrastructure and carry out the tests on a test bed that is not attached to your live environment. The assessment drill can also be conducted as a table-top exercise.
What is the benefit for us to do Red Teaming?
There is a lot to be gained from this activity: hands-on learning for the response team members; insight into gaps in corporate communications / governance, resilience for IM / BCP / DR, and technology weaknesses; help for your team to experience, assess, and remediate a real-world breach attempt; and the chance to learn and reduce your response time to events and incidents.
How do I define the scope for such an engagement?
You have to identify a goal. Examples include “boardroom capture”, “is my finance department secure”, “is my network secure”, “can my database be accessed and corrupted” etc.
How much time does the assessment require?
This depends on the scope or goal of the engagement. However, it is important to note that it is difficult to keep this a time-bound exercise unless there is a specific activity to be tested.
RedStrike assessment reports will be based on the measured results of various scenarios that have been selected in consultation with your technology and business leaders. The scenario(s) represent the internal and external risk/threat perception as well as industry knowns. Some of the standard scenarios comprise:
- DDoS Attack – The simulation can be launched against all outward facing assets covering multiple locations which may be geographically dispersed.
- Advanced Persistent Threat – The team exploits your network with sophisticated malware using multiple payload delivery mechanisms, requiring functions like incident detection, response, malware analysis and forensic capabilities to be on high alert.
- Social Engineering – By far the most common attack vector and the most successful. This attack vector may be used to steal confidential information or get physical access to digital assets.
- Data Theft – The RedStrike team uses various methods to gain access to data and exfiltrate it without being observed.
Red Team assessments can be delivered as a table-top activity or as a Multi-pronged Hybrid Attack Plan. Usually the above attack scenarios and others are launched individually or as a combined action, depending on the nature and scope / goal of the engagement.