SRM’s CREST qualified consultants combine a rigorous training process with real-world experience so they can think creatively and with the mindset of a genuine hacker. The difference is that they work for you.
Who needs this service?
Cyber-mature businesses benefit from Red Team engagement. Red Teaming assists in ensuring your organisation is equipped to respond to any type of attack scenario through ‘real-world’ simulations which test protection, monitoring, response solutions and processes. Valuable lessons are learned enabling you to improve your security posture.
What is Red Team Engagement?
In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. The term has its origins in the US intelligence community and its actual meaning is a little more mysterious. A Red Team explores alternative futures, challenging an organisation to improve its effectiveness. In our context, a Red Team provides real-world attack simulations designed to assess and significantly improve the effectiveness of an organisations’ entire information security programme.
The ultimate goal is to use offensive techniques to enable you to identify areas for improvement and/or to validate the capability of your response. The extent of the scope is not limited to cyber security but can also include consultants going under cover within an organisation to explore the breach vulnerabilities of every aspect of the business. It goes without saying that allowing this level of access to your organisation’s network system requires a high level of trust.
How does it work?
The key difference between a standard manual penetration test and a Red Team engagement is the extent of scope; thus, replicating the wider view an actual attacker would have. While a penetration test is often focused on a key application or system, the Red Team turns standard thinking on its head. It is fully bespoke and goal orientated rather than process-driven. The goal will often be: ‘we have this highly sensitive network/piece of data/solution – can anyone get access to it?’
Red Team engagement includes a wide variety of applications, systems, people and physical locations within the scope of testing. Naturally, the extent to which the Red Team will operate and engage will be defined by you, but it will always take a wider view of potential attack vectors and mirror a persistent attacker.
Why use SRM?
SRM consultants with CREST qualification have undertaken a rigorous training process to learn real-life hacking skills, helping them to think creatively and with the mindset of a genuine hacker. In addition, they have extensive experience in this type of work. Of course, the SRM service does not stop after the event. Comprehensive reporting and remediation advice allows our clients to take stock of their current posture, amend and prepare to re-test.
Test & Exercise Services
From vulnerability assessments to Red Team engagement, we provide a full range of bespoke services to deliver a robust and cost-effective solution for your Test and Exercise requirements.
Phishing, baiting or tailgaiting: the team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature.
At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.
GDPR and data security in the gambling industryTuesday, August 21st, 2018
This article first appeared in the Q3 edition of Casino & Gaming International (CGi ) and appears here with their kind permission. As the implications of the General Data..
Three stages to building a robust defence against external threatsFriday, April 27th, 2018
The news has been full of concerns that foreign powers are using state-sponsored hacking as a means to undermine the infrastructure of foreign powers. While it is irresponsible to..
How attack is the best form of defence when it comes to protecting against the rising trend in phishing and social engineering attacksMonday, April 16th, 2018
The recent April 2018 Trustwave Global Security Report reveals new global trends in the world of cyber hacking; most notably a move away from smaller high volume point-of-sale (POS)..