As with most things in life, you want to set SMART goals. Setting goals that follow this guideline (Specific, Measurable, Achievable, Relevant and Time-bound) allows you to form hypotheses and set firm parameters around your work and around the outcomes you expect. This is no different for the Red Team, whose sole purpose is to test the security measures currently in place and to find out how they can be improved or sustained across your infrastructure.
The core mission of your Red Team is to test your own security plans and procedures by deliberately challenging your security posture, but that is only the umbrella over everything your Red Team can and should be doing. The mission may remain the same, but the actions may vary company by company, or even year by year, as you continue to grow and combat the latest threats.
Types of Red Team Goals
While the scope of your work may vary, teams are typically established in order to:
- Challenge your organization’s assumptions and identify faulty logic or flawed analysis
- Assess the strength of the evidence base or the quality of your information
- Identify alternative options or outcomes and/or explore the consequences of an action plan
- Test your system, network, applications and more through the eyes of an adversary
- Understand the options an adversary has to break into and move throughout your system
Red Teams are in place to help test your organization and determine how well it will hold up against the actual vulnerabilities in your network, the ones that are current risks to the security of your organization. The goal for your Red Team should be to succeed in reaching the sensitive data or in taking control of certain environments (depending on what you are testing for), despite the best efforts of the defensive security measures currently in place in the company.
Results of Red-Teaming
While the outcome of your Red Team’s initiatives could vary, it will never be “bad”. Let me explain. On one hand, your Red Team could run a penetration test against your organization and not be able to get through to the sensitive material or take control of certain operations. This would reaffirm that the security methods in place are in fact working and provide assurance that the current course of action is meeting the organization’s needs.
Alternatively, they could test your infrastructure and find gaps in your security that would allow adversaries to breach your organization. While this would mean there is work to be done, you would also gain the direction you needed as to which areas need more attention to secure. On top of that, your team will have found the weak points in your organization in a safe manner. Instead of this being a REAL attack, where your efforts would be focused on putting out fires, you have the ability to plan a proper method of securing your organization again. With a Red Team in place, you have built-in “bought time” to see how you fare against the adversaries out there.
With enough time and resources, all security defenses will fall. Red teaming isn’t meant to score the skill of defenders, but the cost to attackers. If you are looking to build out a Red Team in your organization, consider using Cobalt Strike to help get you there.