Red Teaming
Red Teaming has overlap with penetration testing and application security testing, but in addition to testing the technical mitigation aspects of your security stance, it also tests the humans and detection capabilities in your organization.
Red teaming activities range from stealthy recon and penetration of your defenses, to working directly with your blue team/SOC. Red teaming falls into two categories: Adversary Simulation and Technique Simulation.
Adversary Simulation
This form of red teaming is an objective-driven, stealthy, adversarial simulation which attempts to actively circumvent security controls by carrying out exploits and attack vectors that take advantage of a series of discovered vulnerabilities and/or weaknesses in technical controls, human behavior, process and detection gaps, etc. The red team operation often takes output found during the pentest and/or app testing portion of the engagement, physical attacks and/or social engineering, exploits them, then moves as deep into the network as possible, just like an adversary would.
The objective(s) can include comprising high-value workstations and servers in your network with a persistent backdoor/RAT, gaining access to and exfiltrating your most valuable data, getting domain admin, gaining write access to source code repos, etc. An overarching goal to the specific goal(s) set forth is to avoid getting caught/seen/detected. Once the objective(s) is achieved, assuming we are not caught in the act, we will “get noisy” so your incident responders will see us. This gives them the opportunity to practice the incident response process, including discovery, containment, eradication and recovery.
Adversary Simulation is largely centered around current attacker techniques and campaigns (as seen in the MITRE ATT&CK framework), but also includes the usage of PTES, NIST SP 800-115, OSSTMM, and OWASP testing guides and our internal/proprietary methodologies.
Technique Simulation
The second category we put red teaming activities into is Technique Simulation, sometimes referred to as “purple teaming." This type of red teaming gives the best ROI of any security testing service. During this testing, we work closely with your blue team staff while launching individual attacker techniques. We monitor the activities to ensure they are mitigated and/or detected, and if not, help your blue team build the needed capability to do so. This cycle repeats numerous times to cover as many techniques as the engagement scope allows.
Parts of this testing use automated processes, while other techniques require manual methodologies. As such, it is common to run the automated processes first and then perform as many of the manual techniques as the engagement scope allows.
Technique Simulation and the techniques tested are largely centered around the MITRE ATT&CK framework, but can also utilize some of the same references listed in Adversary Simulation.Â
Sample Pricing
Because our Red Teaming services are highly tailored to each client engagement, it is not possible to give sample pricing. The following are some of the key criteria in determining the costs for Adversary Simulation:
- Small: No dedicated SOC, minimal technical control – basic level engagement
- Medium: Basic out-of-the-box security controls, basic security staff – intermediate level engagement
- Large: Multi-layered, out-of-the-box security controls, SOC – advanced level engagement
- xLarge: Custom security controls, advanced SOC – nation-state level engagement
Add-On Services
In order to keep our testing prices low, we’ve removed certain services that not every client requests. Under our Cybersecurity Unlimited Retainer (included with all of our contracts) you can add on the following services as needed. Please reference the Cybersecurity Unlimited Retainer page for pricing details.