Red teaming

Red teaming is a step above traditional pentesting. It is an offensive objective-driven exercise that simulates real-world attacks by replicating the Techniques, Tactics and Procedures (TTP) of real-world adversaries. It is the most realistic way to assess an organisation's ability to prevent, detect, and respond to cyber attacks.

The role of the red team is to simulate an attack on your organization while causing minimal disruption to day-to-day operations. By setting the objectives to reflect a real-world attack scenario, the engagement becomes representative of the specific threats facing an organization and assesses its ability to defend and respond to the next attack.

Watch how red teaming can help your organization

The objectives of a red team test is to reflect a real-world attack scenario focusing on revealing potential threats to the critical data from the wider business rather than being confined to a specific subset of assets. It is a deep dive into the risks and vulnerabilities of the business and is also designed to exercise internal teams and their procedures for such an event.

Find out more here on the overview of red teaming.

• Red Team testing (offensive assessments), attacking the whole organization across multiple domains (people, process and technology).
• Purple Team testing (offensive and defensive), with one team performing offensive attacks whilst assessing, and in some cases coaching, the defensive teams’ ability to respond to the attacks.

BSI Digital trust is delighted to be a sponsor of Cyber Scheme, a not-for-profit organisation providing examinations and training to develop the next generation of cybersecurity professionals.

The Cyber Scheme support, educate, and recruit the latest generation of talent with GCHQ/NCSC accredited examinations that meet UK Government Standards in Penetration Testing. Its mission is also to help sponsors source and train the next generation of cybersecurity professionals by ensuring they are ready to work in the industry.

Red teaming is designed to exercise the internal teams and their procedures for responding to and defending against attacks, as they are not afforded prior knowledge of the test. An organization can conduct Cyber Readiness assessments like table-top and threat modelling exercises to be better equipped and maximize the value and insights gained from a red team engagement.

The below diagram is an example of an attack scenario carried by the BSI red team against a financial institution to replicate the threat of a sophisticated attacker motivated by financial gains to identify if it is possible to breach their external perimeter and compromise both their cloud and on-premises environments. The BSI red team was able to identify and exploit several security gaps in the organization's prevention, detection, and response capabilities to achieve the agreed objectives of the exercise. Those security gaps alongside the relevant recommendations were then shared with the organization so they can be addressed to increase their overall resiliency to attacks.

We use a robust methodology aligned with Red Team and CREST STAR assessments but enhanced to include blue and purple team methodologies, which draws on common industry cyber kill chains.