Red Team Assessment Phases: Overview

Computer systems and networks contain valuable information, and hackers are out there trying to steal that data. This has led to the development of the red team assessment, a test to help an organization identify and correct vulnerabilities and flaws in their cybersecurity defenses before a hacker can find and exploit them.

To do so, an organization hires a red team to perform an assessment. The red team’s job is to think and act as a hacker does in order to find the vulnerabilities in an organization’s network that are the most likely to be exploited. Once they’ve done so, the red team reports their results to the organization.

Every red team assessment is unique, but most tend to flow through seven main phases, as described in the following section.

Breaking Down the Red Team Assessment Phases

The basic steps of a red team assessment can be broken up into seven main phases, and most red team assessments will include all phases in roughly that order. However, the specifics of the situation may mean that certain phases are skipped (as in a white-box assessment) or performed out of order (for example, if an attempt to gain access fails and the red team has to start over). The phases of a red team assessment are useful in understanding how a red team assessment works but are not set in stone.

Planning/Setting Objectives

The first phase of a red team assessment usually involves planning and setting objectives for the assessment. The organization being assessed may have specific wishes for the red team assessment. For example, the red team may only be required to demonstrate the ability to access sensitive information, not exfiltrate it. A common limitation is disallowing the use of social engineering as part of the assessment.

A crucial

This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston.