What is a Red Team?

Andrew McIntosh | June 24, 2020

Picture this scene: you’re a business owner. You’ve got bills to pay, customers to please, and payroll to run. On top of it all, you get the phone call many business owners dread: you’ve been hacked. The good news, in this case, is you paid the hackers to do it. This video explains what a Red Team is and how they can help your business stay safe:

You’ve probably heard the term “red team” get thrown around a lot in meetings, but what actually is one? A red team is in essence a security test. You call in a company or assemble a team yourself, and they do their very best to break into your organization.

Far from this being a macabre exercise to show all the vulnerabilities you have, it’s designed to help you improve your security posture. But what’s the difference between a red team and a penetration test?

A penetration test, also known as a pentest or ethical hacking exercise, is where you bring someone in to test an application or a service that you operate. They test your security controls but nothing else, and they don’t need to worry about setting off any alarms. After all, you know what they’re doing and why they’re there. At the end of it, you will be given a report containing all the findings. It’s normally something you get done once a year or every six months, and you keep doing it to ensure your applications’ compliance with security frameworks like PCI DSS. After all, there’s nothing worse than implementing a major change to your infrastructure and then getting a hefty fine in the mail because you inadvertently had a bug that let other people view records.

A penetration test looks at the applications you have. Just the applications. Normally nothing more than what you’re running on your web servers or PCs.

But what about the people behind those PCs? What about Donna down in marketing who always ends her emails with a smiley face or Jim in sales who managed to forget his password that week you had record sales?

And what about the actual servers? Is the hosting provider you hired actually keeping them locked away? What if someone loses their laptop?

There are a lot of moving parts in an organization, and that’s where the true value of a red team comes out.

If you’re a small to medium-sized business, you’re probably thinking that there’s no point in a red team. After all, “we’re so small that nobody would want to target us”. But think about it – if you were a bad guy, wouldn’t you want to go after the place that’s unsuspecting?

In a red team, security professionals look at your entire organization – from the employees to the actual building itself. They begin with no knowledge of how your organization works and attempt to break in where they find flaws. And instead of just stopping there and writing a report, they see how far they can go. Exactly how much impact a single reused password or missed security patch has can be difficult to quantify, which is part of the reason why pentest reports are often so hard to understand. With a red team you end up with measurable impacts, set in relation to how your company actually works.

A red team looks into every aspect of the organization they can, to make sure every risk factor is fairly analyzed. Human factors, technology and your organization’s physical presence: it’s all included.

Actual techniques that an attacking group might use are also employed. Social engineering and covert entry, among other techniques, are carried out in the way a threat actor might use them, to ensure that you’re getting an accurate picture of how your business may be attacked.

And at the end of it, the red team will provide you with a list of things they managed to do that an attacker might have tried. Good job these guys got there first, right?

Almost immediately, you’ll get a huge amount of value from one of these tests – not just in what you find but how it was discovered. Often an unconventional entry point that you may not have known about in your business will be used to pivot into the organization and establish a foothold. And with that information you’re now armed to shore up your defences. There’s no such thing as 100% secure, and we encourage you to actively challenge anyone that says otherwise, but with a red team, and the changes you find after one, you’re a large step closer to getting there.

At Skye Technologies we’ve got a good background in security, and are ideally situated to help you implement the changes you’ve been given after a red team, to bring your business up to a secure footing.
