The following is a guest post by a 2016 Secure360 Twin Cities Gold Sponsor RedTeam Security.
Take a moment to consider:
You and your organization have taken significant steps towards improving the security posture of your company. Perhaps you have purchased the latest next generation hardware/ software, you have your firewalls, your IDS and IPS, and even hung up your security awareness posters.
Now, you’re secure… right?
Some will think they are secure, others would be quick to point out the security controls not mentioned, and all the security professionals will insist they are still vulnerable.
The question remains, what do we do? Perhaps more importantly, what should your company do and do you need to do anything at all?
Attackers don’t care about your next-gen appliance, if you’re in the cloud, or the state of your firewalls. Attackers look for the easy way in, they most often seek the easiest target.
You, your organization, need to make informed decisions. Red Teaming enables organizations to make informed, prioritized, and business-wise decisions based on realistic and actionable evidence.
So, what is this “Red Teaming”?
Simply put: Red Teaming engagements are focused on your assets with the intent to identify, through a simulated multi-layered attack, how secure your assets are. Every Red Teaming engagement is scalable relative to your needs and the value of your assets.
The engagement starts with research and reconnaissance. Next, your facilities, your people, your network, and your applications will be tested. No attack vector is out of scope – just as you would expect from a real attacker. After some time, you receive a report which outlines the entire engagement, prioritizes the findings, and enables you to make those informed decisions on what to fix. Our holistic approach emulates the thought process of today’s adversaries.
When you attend “Are You RedTeam Secure?”, at Secure 360, you will:
- Hear stories about actual Red Teaming engagements
- Know who to choose when it is time for Red Teaming
- Realize what is in scope for a Red Teaming engagement
- Understand when you should conduct a Red Teaming engagement
- Discover why Red Teaming makes sense for your organization
- See how Red Teaming is done
How is Red Teaming different from other types of penetration testing?
Typical penetration tests are strongly scoped, often time boxed, and limit the discovery of vulnerabilities to the environment or assets being tested. Typical penetration tests result in an understanding of the security vulnerabilities in that specific scoped, subset, of your company’s security risk exposure.
Red Teaming is not limited to a subset of your organization and its assets. Just like real-world attackers; a Red Teaming engagement considers, and tests, all attack vectors. The result of a Red Teaming engagement is a comprehensive understanding of your company’s total security risk exposure.
Who is RedTeam Security?
We are a boutique penetration testing company refining offensive security.
It is our mission to partner with out clients in mutual collaboration to achieve an actionable understanding of each client’s unique security risk profile. We strive to ensure clear communication, deliver actionable results, enable vulnerability remediation, and conduct retesting at a reasonable and competitive cost.
Our core competencies include:
- Red Teaming
- Subvert Physical Security Controls, Social Engineering, Network Penetration Testing, & Application Penetration Testing
- Network Penetration Testing
- Internal & External
- Application Penetration Testing
- Web Applications, API’s, & Mobile
- Social Engineering
- Email Spear/Phishing
- Telephone Spear/Phishing
- Text Spear/Phishing
- Physical Overt/Covert Social Engineering