RED TEAM TESTING
The objective of Red Team Testing, is to probe and test the unconventional threats towards your company.
Traditionally, penetration testing focuses around the “hacker” or internal threat. While focus falls on the electronic acquisition of data the human factor is not tested during this process.
In the digital age, it is easy to forget that even with the very best defences money can buy – it all rises and falls according to the awareness and behaviour of human beings. There are some things that hardware and software simply cannot protect.
At the heart of our testing, we have used experienced testers and intelligence operatives. Their backgrounds and experience position them to be familiar with “charming” their way into facilities, defeating locks and common access control systems with the ultimate aim of conducting industrial espionage and/ or creating the opportunity to gain outside access to the network infrastructure.
As such, our test team engage in several days of pre-attack learning from open source information and physical surveillance. This is then used to create a viable target list from which the team constructed a set of tests.
The test set is then balanced against the rules of engagement and scope of work and narrowed to a final set of tests to be conducted against specific facilities.
The team then approaches the various facilities with the brief in mind and are normally able to execute several credible threats against a company and its infrastructure. This is the most rigorous form of testing for any environment. While protecting your ICT Infrastructure via firewalls and port blocking etc. is of course essential - it all falls flat if an attacker can walk into the building, open a server room or unused office and gain access to the network and sensitive company information.
All security testing must be conducted from the perspective of a determined adversary - and THAT is what we offer. The strictest of controls are in place to ensure safety and to be certain that our testing does not leave open vulnerabilities. A learning outcomes document including video/ photo evidence of breeches achieved via social engineering and osint form the final product.
A Red Team cannot be built overnight, nor can it emanate from amateur skills. This is the pinacle of tests and requires seasoned professionals with the right mindset and understanding of both physical and digital security. Advanced skills in electronics and electronic countermeasures are essential - and of course well honed social engineering abilities will be a must. While many may claim to have these skills at hand - we do.
We ONLY conduct three Red Team tests per year due to their complexity and the timescales involved in these projects. Please be sure to contact us with sufficient notice to assist with planning your requirements.