Everything You Need To Know About Red Teaming in 2018

Introduction

An old military saying states that in a long-running conflict, the opposing parties eventually adopt similar tactics. Well, if there is a long-standing conflict in the digital world today, it is the one that pits the intrepid professionals who work to protect their organizations’ data against the ever-present threat of cybercrime, a phenomenon that has continued to evolve in terms of tactics and tools over the last decade.

In this context, there’s nothing more natural than for security teams to adopt the practices employed by cybercriminals to their own benefit. No, your security team will not become a group of digital vigilantes and go out looking for opportunities to attack potential enemies; but if your goal is to stay protected and remain law-abiding, a much more efficient approach is to use the same tools and tactics employed by your adversaries to understand the true level of resilience of your own defenses.

The concept is not new: For many years, we have done vulnerability assessments and intrusion testing. But in a world where new digital threats are constantly appearing, it is necessary to go further. And that’s exactly where the concept of Red Teaming comes in.

What Is Red Teaming?

As defined by Bryce G. Hoffman, author of one of the leading books on the subject: “Red Teaming is a revolutionary new way to make critical and contrarian thinking part of the planning process of any organization, allowing companies to stress-test their strategies, flush out hidden threats and missed opportunities and avoid being sandbagged by competitors.”

In the context of cybersecurity, Red Teaming is a complete simulation of the behavior of a real adversary such as a cybercriminal. This includes a multilayer approach to security testing that not only exploits vulnerabilities in technology, but also weaknesses in people and processes within ...

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/EC1qsTIdBUY/