Posted by Thomas Richards on July 23, 2015
Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities.
Putting together an impactful and game-changing red team will improve your organization’s security posture by performing holistic testing and emulating real-world threat actors. This process will identify areas where vulnerability protection, attack detection and reaction processes can be improved to prepare for a real attack.
Key personnel with leadership and vision are required in order to drive a red teaming program to success. The leaders of the red team should have not only the technical expertise, but also the business sense to identify and pursue opportunities within the organization. This will help them communicate strategic goals to their team and outline business risks to senior organizational leadership. They’ll also shape and drive the mission of the red team and lead the program to success. The red team leader must be able to help senior executives quantify the assets that need to be protected and the threats that should be protected against; that critical information will help inform the types of attack scenarios utilized by the red team.
Red team practitioners require a certain mindset, which can be best described as “thinking maliciously.” A red teamer is someone who can look at corporate policy, procedure and technology and find ways to bypass the controls put in place. The technical side of an engagement can be very demanding, so red team personnel must be comfortable with multiple penetration testing tools, as well as exploitation and persistence techniques once inside a network. Frequently, red team engagements allow for exploiting human weaknesses around trust in various mediums, such as phone, email and in person. Red team personnel should be comfortable with exploiting trust relationships and be able to abuse societal norms in order to conduct social engineering campaigns.
Once these core members of the red team have been put in place, they will be able to function effectively within your organization to perform impactful assessments and generate insight into the overall effectiveness of the security program. These assessments will shine a light on your organization’s weak spots when faced with real-world attacks. Once these are understood, your organization will be able to put controls in place or modify policy to prevent outside threats from succeeding with those attacks.