Red Team Assessments

Measure how well your organization can withstand a real-life attack

Although vulnerabilities may seem small on their own, when they’re tied together to form an attack path, they can cause significant damage. Our Red Team models how a real-world adversary might attack a system and how that system would hold up under attack. In addition to evaluating the security of your system, Synopsys Red Team Professional Services also tests your organization’s incident response procedures. After a red teaming exercise, you’ll have a better understanding of your organization’s security posture as it relates to specific threat actors attacking a set of defined assets, and you’ll know where to focus your efforts for improvement.

We seek out exploitable security holes

Our Red Team identifies immediately exploitable security holes across an organization’s attack surface using a variety of composite attack vectors by chaining together seemingly separate or cross-domain vulnerabilities. This includes relationships between systems, software, and people. Some areas of risk we may look for are: 

  • Personally Identifiable Information (PII), Primary Account Numbers (PAN), or Protected Health Information (PHI) on employee workstations or network shares
  • Sensitive data written to log files
  • Unmasked data in reporting dashboards
  • Encryption keys in source code

Answer the age old question: What’s our risk?

Is your organization prepared for an attack?

Our attack process chains together seemingly separate vulnerabilities for a holistic view of your applications, networks, and team behaviors. Each red teaming assessment takes a systematic, repeatable, and methodological approach that consists of 6 essential steps:

1. Goal setting
You’ll determine the specific goal/asset you want our Red Team to target.

2. Reconnaissance
Our Red Team identifies network services, Web applications, and employee portals.

3. Exploitation
Our Red Team identifies vulnerabilities, whether they’re software or human vulnerabilities, by utilizing application and network penetration testing (e.g., cross-site scripting), as well as common human manipulation techniques (e.g. email and phone-based phishing).

4. Network Pivoting and Escalation
Our Red Team gains access inside the network through one of the vulnerabilities they discover. This may include physical facility exploitation and/or business process tampering. An example of this is “tailgating” or posing as employees or contractors to gain access to a physical workplace.

5. Obtain target
Our Red Team accesses sensitive corporate assets.

6. Remediation
At the end of each assessment, Synopsys Red Team Professional Services provides strategic business recommendations to address complex vulnerabilities that were discovered, a high-level executive summary, and details of the attack flow Synopsys performed.

Our Red Team uncovers where you need to spend more time, budget, and effort on security.

Leverage our expertise

Synopsys has performed Red Team assessments for a variety of companies, both Fortune 100 and regional businesses, spanning multiple verticals including finance, gaming, health, and Cloud. Find out how Synopsys can help ensure your network, physical, and social attack surfaces are secure.