Security Think Tank: Red teaming will benefit security mature organisations most

How can organisations use red teaming to identify security gaps?

Red teaming – the practice of “friendly” parties taking on the role of adversaries – helps an organisation understand where it might be exposed in terms of information security.

This is not just about penetration testing – a red team behaves like an attacker or nefarious group using any and every means possible to gain unauthorised access to the organisation’s information. A “blue team” will endeavour to defend the organisation from attack.

A red team exercise involves thorough planning, with clear objectives. Set out possible scenarios, skills required, use of available technology and possible outcomes. Decide what you will do with the results of the exercise to defend the organisation better. It may not be feasible to deal with everything, so often the organisation will risk-assess the issues identified and prioritise accordingly.

Red teaming can be expensive, more so when using an external party. Even when using internal resources, individuals are being taken away from their day-to-day roles to participate – although this can improve employee engagement. Some organisations undertake a like-for-like exchange with a similar organisation, saving the costs of employing a fully external red team, but benefiting from an outside perspective.

Having an experienced external team involved in facilitating the exercise or testing real-time defences is likely to achieve better results for the organisation.

During a red team exercise, individuals are assigned specific roles (possibly with a biography), so they think like a particular type of attacker (a cyber terrorist or hacktivist, for example). The team must be open-minded and embrace the challenge wholeheartedly, behaving like an adversary for the duration of the exercise.

The frequency of undertaking red team exercises often depends on the organisation’s information security maturity. A mature organisation may benefit from performing these exercises as frequently as every six months, whereas less mature organisations will focus on addressing the SANS Top 20 before embarking on red teaming.


Maxine Holt is principal analyst at the Information Security Forum (ISF).

This was last published in April 2017
