Developing an Effective Red Team
Penetration testing (pen-testing) is characterized as a method of evaluating internal and external technical security controls through a methodically planned simulated attack that imitates threats from malicious outsiders and malicious insiders, in order to understand the security weaknesses in a system and/or network. When properly executed, pen-testing is a critical tool in assessing and improving the security of systems. When not properly executed, testers can crash servers, expose sensitive data, corrupt crucial production data or cause a host of other adverse effects associated with mimicking the actions of attackers. Automating the process can improve efficiency; however, automation can often lull security staff into a false sense of security. The goal of pen-testing is to find the things analysis and tools may have missed, and to validate assumptions and understandings of the system environment. A Red Team, or penetration team, can be an effective tool in testing for vulnerabilities and exploits (GCN Web, 2013).
Developing an effective Red Team requires finding people with a malicious mindset and high technical skill who can effectively think like an attacker would. A good Red Team member is someone who can look at corporate policy, procedure and technology, and find ways to bypass the controls put in place. The technical side can be very demanding, so Red Team personnel must be proficient with multiple penetration testing tools and with exploitation and persistence techniques. If your Red Team is underqualified, you run the risk that the system will not be tested in a realistic manner. Red Teams should contain creative thinkers who find ways of doing things and getting around obstacles.
Leaders of the Red Team should not only have the technical expertise, but also the business sense to identify and pursue opportunities within the organization. The Red Team leader must also be able to help senior executives quantify the assets that need to be protected and the threats that should be protected against.
Once a Red Team has been put into place, it should be able to function effectively, perform impactful assessments, and generate meaningful results. Assessments should reveal the vulnerabilities a system exposes when faced with real-world attacks. Once vulnerabilities are identified, the development team should be able to revise and harden the system against them (Richards, 2015).
GCN Web. (2013, February). Penetration testing: Pros and cons of attacking your own network. Retrieved July 31, 2015, from http://gcn.com/articles/2013/02/04/pros-cons-penetration-testing.aspx
Richards, T. (2015, July). How to Build an Effective Red Team Program. Retrieved July 30, 2015, from https://www.cigital.com/blog/how-to-build-a-game-changing-red-team/