Cookies policy

The SRM website uses cookies to store information on your computer. By continuing to browse this website you are agreeing to our use of cookies. Learn more

The cookies stored on your computer when using the SRM website are used to anonymously record your usage of the website using Google Analytics.

Please read our privacy policy for further information.

Cookies accepted

Thank you - you've accepted our cookies policy.

Bespoke Penetration Testing

  • Red Team Engagement

    Learn more about SRM's Red Team Engagement service

    Download

Not only does your system need to be secure; it needs to be seen to be secure.

We work with you to understand your business requirements to develop a test plan which satisfies all stakeholders that your web and supporting infrastructure are secure.

Our service considers external and internal threats using proven tools to simulate attacks on your infrastructure.

  • Websites and associated applications
  • Third party applications
  • Firewall, IPS & IDS Evasion
  • Company and client wireless solutions
  • Internet of Things (IOT) both devices and management infrastructure
  • End user device testing including printers and other peripheral devices
  • Mobile applications (IOS/Android & Windows), including OWASP Top 10 Mobile Risks
  • Social engineering (to fully test your IS awareness policies) Telephony / VoIP systems (on premise and hosted solutions)

We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME) and Tiger.

Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon free manner so that we can work together to mitigate the key risks to your business.

What is a Red Team Engagement?

In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters of industry terms usually provides a clear indication of the service provided. But the term Red Team has its origins in the US intelligence community and its actual meaning is a little more mysterious. In that context, a Red Team explores alternative futures, challenging an organisation to improve its effectiveness.

In our context, a Red Team provides real-world attack simulations designed to assess and significantly improve the effectiveness of an entire information security programme.

Where a normal penetration test focuses upon identifying and exploiting issues within a specific system/clearly defined scope, the Red Team differs in that it is very much goal/objective orientated. As a result, this allows for a much larger attack surface for the penetration tester to target in an effort to reach the pre-defined goal/objective.

Purpose?

To put your network, applications, people and processes to the ultimate security test, you need to subject yourself to real-world scenarios that are designed to establish how well your defence and response processes measure up. This is achieved through a combination of simulated social engineering (physical and technical), network and application attacks from SRM.

The Solution?

The key difference between a penetration test and Red Team engagement is the extent of scope; thus replicating the wider view an actual attack would have. Whilst a penetration test is often focused upon a key application or system, a Red Team engagement is fully bespoke and often ‘goal orientated’. This goal will often be: ‘we have this highly sensitive network/piece of data/solution – can you get access to it?’

With the above in mind this will result in several considerations by the Red Team – e.g. Can the data center housing the information be physically accessed? Can a user be manipulated into providing us with access (via phishing, vishing etc.)? Are network attack vectors present which may allow a level of access? Is a combination of these attack vectors required?

As a result, Red Team engagement includes a wide variety of applications, systems, people and physical locations within the scope of testing. Naturally the extent to which the Red Team will operate and engage will be defined by you, but it will take a wider view of potential attack vectors and mirror a persistent attacker.

A Red Team engagement will therefore have free rein in terms of attempting to gain access to the defined goal whilst ensuring a controlled approach.

The Benefits?

The benefits of this approach is that it allows you to validate your protection, monitoring and response solutions or processes. This assists in ensuring your organisation can respond to an emulated ‘real-world’ attack where varying avenues of approach can be used, rather than a limited focus on a single system.

The ultimate goal is to use offensive techniques to enable you to identify areas for improvement and/or to validate the capability of your response. Even in the event of the objective not being wholly realized a number of recommendations/learning experiences will still be achieved, thus always assisting towards further improvement of your security capabilities.

SRM Testing Solution Matrix

The below table aims to demonstrate the varying ‘Package’ options provided by SRM, along with the category of testing these fall into. 

Please note that the services and ‘Package’ options are representative and do not mean each aspect is a requirement when scoping your test requirements. For example, you may wish to opt for ‘Advanced Penetration Testing’ minus ‘Wireless Testing’. Ultimately, SRM are able to provide a fully bespoke Testing Solution which fits your current requirements – this can naturally evolve over time and will be defined as part of our ‘Free Scope Consultation’ service from the outset.

Bespoke Penetration Testing - SRM

Services

What is a Red Team Engagement?

In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters of industry terms usually provides a clear indication of the service provided. But the term Red Team has its origins in the US intelligence community and its actual meaning is a little more mysterious. In that context, a Red Team explores alternative futures, challenging an organisation to improve its effectiveness.

In our context, a Red Team provides real-world attack simulations designed to assess and significantly improve the effectiveness of an entire information security programme.

Where a normal penetration test focuses upon identifying and exploiting issues within a specific system/clearly defined scope, the Red Team differs in that it is very much goal/objective orientated. As a result, this allows for a much larger attack surface for the penetration tester to target in an effort to reach the pre-defined goal/objective.

Purpose?

To put your network, applications, people and processes to the ultimate security test, you need to subject yourself to real-world scenarios that are designed to establish how well your defence and response processes measure up. This is achieved through a combination of simulated social engineering (physical and technical), network and application attacks from SRM.

The Solution?

The key difference between a penetration test and Red Team engagement is the extent of scope; thus replicating the wider view an actual attack would have. Whilst a penetration test is often focused upon a key application or system, a Red Team engagement is fully bespoke and often ‘goal orientated’. This goal will often be: ‘we have this highly sensitive network/piece of data/solution – can you get access to it?’

With the above in mind this will result in several considerations by the Red Team – e.g. Can the data center housing the information be physically accessed? Can a user be manipulated into providing us with access (via phishing, vishing etc.)? Are network attack vectors present which may allow a level of access? Is a combination of these attack vectors required?

As a result, Red Team engagement includes a wide variety of applications, systems, people and physical locations within the scope of testing. Naturally the extent to which the Red Team will operate and engage will be defined by you, but it will take a wider view of potential attack vectors and mirror a persistent attacker.

A Red Team engagement will therefore have free rein in terms of attempting to gain access to the defined goal whilst ensuring a controlled approach.

The Benefits?

The benefits of this approach is that it allows you to validate your protection, monitoring and response solutions or processes. This assists in ensuring your organisation can respond to an emulated ‘real-world’ attack where varying avenues of approach can be used, rather than a limited focus on a single system.

The ultimate goal is to use offensive techniques to enable you to identify areas for improvement and/or to validate the capability of your response. Even in the event of the objective not being wholly realized a number of recommendations/learning experiences will still be achieved, thus always assisting towards further improvement of your security capabilities.

SRM Testing Solution Matrix

The below table aims to demonstrate the varying ‘Package’ options provided by SRM, along with the category of testing these fall into. 

Please note that the services and ‘Package’ options are representative and do not mean each aspect is a requirement when scoping your test requirements. For example, you may wish to opt for ‘Advanced Penetration Testing’ minus ‘Wireless Testing’. Ultimately, SRM are able to provide a fully bespoke Testing Solution which fits your current requirements – this can naturally evolve over time and will be defined as part of our ‘Free Scope Consultation’ service from the outset.

Bespoke Penetration Testing - SRM

Contact us

Red Team Engagement

Fill out the form below and get a free copy of our Red Team Engagement Service Document.

  • This field is for validation purposes and should be left unchanged.

Thanks for filling out the form.

Please download your file below.

Download Red Team Engagement