Red team exercises are a sophisticated goal-based approach to testing security readiness & awareness. Ultimately this is to assess security planning & preparation to evaluate whether it is complete, relevant and appropriate to the threat.
BDO can deliver an advanced capability to mimic real world attack scenarios, without the actual risk of being targets of such attacks. Our converged approach can combine:
Physical attacks on company facilities or employees which may be used as a conduit to obtain further access into networks, or manipulated into disclosing sensitive data; and testing the security awareness of employees, who might discloses personal information to fictitious forms, respond to fraudulent e-mails or download malicious files.
Cyber-attacks on internet-facing assets such as external networks, and vulnerable web applications which may be exploited by an attacker to disclose its entire backend database to a web server.
Cyber-attacks on intranet-facing assets, such as internal and wireless networks to reveal high severity vulnerabilities within working applications, and code review to flag bad practices within environments particularly that constitute exploitable vulnerabilities
EXERCISING REAL WORLD SCENARIOS
Red teaming is not just about testing security. A red team exercise will simulate a ‘real-world’ threat scenario, using an up-to-date attacker modus operandum which is based the latest threat intelligence and our understanding of attacker operations. Invariably it will identify multiple points of failure whether technical, or human, or procedural. It will check your situational awareness, holistically assess your security posture, expose vulnerabilities that would enable a breach, and demonstrate how a sophisticated attacker would exploit them to achieve his goal.
ALL INTENDED TO PROVIDE
• Short-term tactical fixes for immediate remediation of any outstanding vulnerabilities within the tested environments.
- Long-term strategic measures that will proactively thwart any potential repetition of vulnerabilities discovered during testing.
- A robust set of conclusions and industry best practice recommendations based on real-world scenarios and tangible evidence of performance.
- Prompt engagement in program of remediation efforts and continued security assessment to ensure a consistent and ongoing security risk monitoring and security posture reinforcement.