RED TEAM in Cybersecurity



Before we start talking about this concept, I'd like to say a little about the history of the term "red team".

According to Micah Zenko's book "Red Team: How to Succeed by Thinking Like the Enemy", the Roman Catholic Church created a formal office called the Promotor Fidei, or Promoter of the Faith, whose job was to argue against a candidate for canonization. Within the Church and among the laity the position became better known as the Advocatus Diaboli, the Devil's Advocate. Zenko describes this office as the first established and routine use of red teaming. The US military did not refer to the practice as "red teaming" until the Cold War, and it was only standardized in the 2000s.

What is a red team and why do we need it?

A red team is a group of security experts that performs what we call red teaming exercises for a company. Red teaming is a structured process that seeks to better understand the interests, intentions, and capabilities of an adversary through simulations and vulnerability probes.

The red team concept was created to correct an old and wrong mindset about security defense. Take phishing as an example. If a company is compromised through a phishing attack, the first person blamed is the end user, and some will say that insufficient user education is the reason. Education is only one part of defense in security operations. A company's security must not depend on whether or not a user clicks a link.

Others may think that threats only use exploits, and this is far from the truth. Patch management is an essential part of a comprehensive security program and helps reduce the attack surface, but threat actors understand this and get more creative when attacking a target: a valid credential, a malicious document, or a misconfiguration works just as well as an unpatched service.

Therefore, if a company is compromised by a phishing attack, it means that the security controls behind that click (mail filtering, endpoint protection, least privilege, detection and response) were not well designed, not that one user made a mistake.

The red team concept was created to solve this dilemma by using the tactics, techniques, and procedures (TTPs) of a real-world threat to emulate it, with the goals of training and measuring the effectiveness of the people, processes, and technology used to defend an environment.

What are the objectives of this concept?

The objectives of a red teaming exercise change from one engagement to another, but they generally revolve around the following:

  • Compromising an application or a network
  • Determining whether data can be stolen
  • Emulating a specific threat actor
  • Measuring the effectiveness of technical defenses
  • Measuring the effectiveness of the security team

The vulnerabilities and weaknesses identified during an assessment are not the main focus of the red team. Its real value is the insight it provides into the target's detection and response capabilities. A red team exercise tests the relationship between the incident response and threat hunting teams by confronting network defenders and their tools with an adversary in ways that cannot be achieved through traditional threat intelligence, literature, or structured testing.
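To make "insight into detection and response capabilities" concrete, here is an added example (not code from the original post) of the scoring a red team does at the end of an engagement: it pairs the operator log (what was done, where, and when, labelled with MITRE ATT&CK technique IDs) with the alerts the blue team's tooling raised, and reports detection rate, time to detect, time to respond, and which techniques went unnoticed. The hosts, timestamps and alerts are constructed for the example; the host-plus-technique matching is a simplifying assumption, since real engagements key on deconfliction markers from the operator log.

```python
"""Score a red team engagement's detection and response results (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Action:
    technique: str       # MITRE ATT&CK technique ID labelling what the operator did
    host: str            # where it was done
    started: datetime    # timestamp from the red team's operator log


@dataclass
class Alert:
    technique: str       # technique the detection claims to cover
    host: str
    raised: datetime     # when the tooling fired
    responded: Optional[datetime] = None   # when the SOC acted on it; None if it never did


def score(actions, alerts, window=timedelta(hours=24)):
    """Pair each red team action with the first alert that could have caught it.

    Assumption: an alert counts if it names the same host and technique and fires
    within `window` after the action. Real engagements use deconfliction markers.
    """
    results = []
    for a in actions:
        candidates = [al for al in alerts
                      if al.host == a.host and al.technique == a.technique
                      and a.started <= al.raised <= a.started + window]
        if not candidates:
            results.append({"technique": a.technique, "host": a.host,
                            "detected": False, "ttd_min": None, "ttr_min": None})
            continue
        first = min(candidates, key=lambda al: al.raised)
        ttd = (first.raised - a.started).total_seconds() / 60
        ttr = None
        if first.responded is not None:
            ttr = (first.responded - a.started).total_seconds() / 60
        results.append({"technique": a.technique, "host": a.host,
                        "detected": True, "ttd_min": ttd, "ttr_min": ttr})
    return results


def _mean(xs):
    return sum(xs) / len(xs) if xs else None


def summary(results):
    """Roll per-action results up into the numbers the report actually needs."""
    detected = [r for r in results if r["detected"]]
    responded = [r for r in detected if r["ttr_min"] is not None]
    return {
        "actions": len(results),
        "detected": len(detected),
        "detection_rate": len(detected) / len(results) if results else 0.0,
        "mean_ttd_min": _mean([r["ttd_min"] for r in detected]),
        "mean_ttr_min": _mean([r["ttr_min"] for r in responded]),
        # techniques nobody noticed: these gaps are the real deliverable
        "missed": [r["technique"] for r in results if not r["detected"]],
    }


def sample_engagement():
    """Constructed data for a phishing-to-lateral-movement chain (not a real engagement)."""
    def t(hh, mm):
        return datetime(2024, 3, 12, hh, mm)

    actions = [
        Action("T1566.001", "ws-07", t(9, 0)),        # spearphishing attachment opened
        Action("T1059.001", "ws-07", t(9, 5)),        # PowerShell stager runs
        Action("T1003.001", "ws-07", t(9, 40)),       # LSASS memory read for credentials
        Action("T1021.002", "srv-fs-01", t(10, 10)),  # SMB lateral movement with stolen creds
    ]
    alerts = [
        Alert("T1059.001", "ws-07", t(9, 7), responded=t(9, 50)),   # EDR flagged the stager
        Alert("T1003.001", "ws-07", t(9, 41), responded=t(9, 50)),  # EDR flagged LSASS access
        Alert("T1059.001", "ws-12", t(9, 30)),                      # unrelated noise elsewhere
    ]
    return actions, alerts


if __name__ == "__main__":
    acts, als = sample_engagement()
    print(summary(score(acts, als)))
```

On the constructed data the initial phishing and the lateral movement are never detected, which is exactly the kind of finding a vulnerability list would not surface: the EDR works, but the controls around mail and SMB do not, and the 45-minute gap between the first alert and containment is the response team's number to improve.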

What is the difference between a red team and a penetration test?

Penetration test                                   | Red team
---------------------------------------------------|------------------------------------------------------------------
Finds and exploits vulnerabilities                 | Identifies physical, hardware, software, and human vulnerabilities
Determines the risk of architecture vulnerabilities| Tests the organization's detection and response capabilities
Focuses on the methods used                        | Focuses on the objectives of an attack
Takes less time than red teaming                   | Takes longer to complete
Less realistic                                     | More realistic

Written by: Z. Oualid


About the author

Z. Oualid

I am a Cyber Security Expert. I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE, which are the most recognized and hardest technical certifications in the cybersecurity industry. I am also a Certified Ethical Hacker (CEH). I hope you enjoy my articles :).
