The future of Red Team operations - Security Boulevard

Introduction

The Red Team assessment is an increasingly popular method for an organization to get a realistic feel for its overall security. Organizations’ attack surfaces are large and constantly growing, so the ability to identify the vulnerabilities most likely to be targeted by an attacker can be invaluable.

Red Teaming is likely to keep growing in popularity. Other changes are more difficult to predict, but a few trends are likely to shape the future of Red Team assessments.

Driven by regulations

In recent years, the regulatory landscape has expanded dramatically. The threat of data breaches has driven governments to pass new regulations designed to protect the sensitive information of their constituents that has been entrusted to or collected by corporations.

The most famous of these new regulations is the EU’s General Data Protection Regulation (GDPR), which protects the data of EU citizens regardless of where the company collecting the data is located. However, it is not the only data protection regulation in existence. Many countries and US states have passed their own data privacy laws, and existing laws and standards like PCI-DSS, SOX and HIPAA are still in effect.

It seems likely that future Red Team assessments will be driven by the need to demonstrate compliance with applicable regulations and standards. Some regulations require regular testing, and all of them levy fines for failing to demonstrate the ability to adequately protect customer data. When the cost of non-compliance outweighs the price of comprehensive security testing, Red Team engagements, especially those with a compliance focus, will likely become an even more popular way of testing an organization’s security posture.

ML-enhanced engagements

The goal of a Red Team assessment is to accurately simulate how an organization would be attacked in order to identify vulnerabilities that are likely (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/qs3MGuc6E-E/