Red Teaming vs Penetration Testing - What’s the Difference?

Posted by Emma Seaman - 04 August, 2017

header-picture

Traditional penetration testing is crucial to security, but can be limited due to time and scope constraints. In comparison, Red Team campaigns seek to remove this limitation by providing a service that recreates actual attack scenarios and expose attack surfaces. 

Red team engagements are as close to a real world hack as you can get. Normal penetration testers don't have to account for adversaries, so there is no one to hide from. While a penetration test's goal is to find vulnerabilities, each red ream campaign has a specific objective... to be achieved through any means necessary.

Interested in finding out how your defence would hold up in a real world attack? Then red teaming is for you.

What is your biggest fear?

Unlike penetration testing, Red Teaming focuses on business outcomes. For example, health organisations may fear losing their clients personal identifiable information (PII) while financial institutions may be more concerned about an attacker gaining access to their ledger. A Red Team engagement has a specific goal, and go about achieving this without being restrained by traditional penetration testing boundaries.

By conducting a Red Team engagement, organisations are not only able to find out where certain vulnerabilities may lie, but also test their Incident Response (IR) capabilities, Blue Team (if they have one) and even their own end-users level of information security awareness (ability to detect fraudulent phishing emails or social engineering attempts). Red Teaming allows you to understand your enemies better by simulating the specific actions they may take. This, in turn, gives you additional opportunities to protect your assets by disrupting the enemy's potential actions.

Do I need Red Teaming?

How mature is your information security posture?

Almost all organisations conduct penetration testing on a regularly basis. A penetration test allows organisations to plan and strategise on where to invest their security budget, and what controls they need to protect their data. It involves identifying vulnerabilities in a target organisation, and exploiting them to determine the level of access an attacker can gain. 

Red Teaming on the other hand, emulates targeted cyber criminal attacks looking to avoid detection. They are able to mimic what a real-world attacker would do, having little restrictions so that the client can experience a cyber attack scenario, and determine if their defence can withstand the attack.

The team will initially involve off-site reconnaissance using public sources about the organisation (as a cyber criminal would do) prior to actively polling organisational targets. These targets could include physical work sites or offices, external internet exposed systems, the organisation's employees with the aim of gaining a foothold within the corporate network. Once this has been achieved, the campaign persists and attempts to gain the objectives of the Red Team campaign.

Red Teaming is one of the most comprehensive and in-depth engagements helping organisations determine if and how their most sensitive assets could be compromised.

Overview

Penetration Testing Red Teaming
  • Scope defined and provided by client
  • Finding, evaluating and exploiting vulnerabilities in one dimension
  • Access is provided for internal testing 
  • Employees are typically aware of the test 
  • Office schedule
  • Rules are well defined
  • Systems are tested independently
  • Entire organisation is in scope
  • Finding, evaluating and exploiting only the vulnerabilities that aid in obtaining the goals 
  • Limited number of employees are aware
  • 24 hours 
  • Almost anything goes
  • Measure business impact of successful attacks

 

Are you worried about your most sensitive data?

Register for our Threat Hunting Webinar

Recent Posts

5 Billion Vulnerable Bluetooth Devices

read more

Press Release: Content Security join forces with Wombat Security Technologies

read more

Red Teaming vs Penetration Testing - What’s the Difference?

read more