Red Team Security Testing
GDS has extensive experience in the planning, staging and delivery of complex Red Team engagements for our sophisticated global client base.
GDS Red Team testing services challenge an organization's resilience to targeted and sophisticated attacks. GDS can emulate persistent, motivated, and heavily resourced attackers by using advanced tactics, techniques, and procedures (TTPs) to infiltrate the organization and achieve realistic scenario goals. This form of testing is geared towards clients with a mature and highly evolved security posture. It is the highest level of testing capability from both an attacker and a defensive maturity perspective, and it identifies technical, procedural, and behavioural weaknesses in security controls.
Red Team testing elevates an already mature security-aware organization by exercising all aspects of their prevention, detection, and response capabilities and demonstrates the return on their investment in security:
- Realistically emulate the actions and activities of a team of skilled attackers attempting to gain access to internal infrastructure as well as carrying out further actions against critical systems once a successful foothold is achieved.
- Identify and assess how to strengthen an organization's current compromise detection controls, incident response/management and breach reporting processes.
- Identify vulnerable systems, missing security controls, and potential detection blind spots.
With each phase of the attack path the organization is expected to either Prevent, Detect, or Respond to the attack pattern:
- Prevent — Controls in place to actively prevent a compromise from occurring.
- Detect — Capabilities to detect a goal-based attacker gaining unauthorized access to target critical systems.
- Respond — Incident response processes and procedures implemented given the detection of a corporate intrusion.
GDS uses and develops various Red Team testing models based on an organization's requirements:
- One-Off — A one-off assessment that exhausts the entire attack path of a successful compromise. This acts as a capture-the-flag (CTF) exercise in which specific targets are agreed upon to represent the critical resources, systems, or data that an attacker would attempt to gain access to. This model is usually performed from a zero- to partial-knowledge perspective so that the activities remain realistic. Kill chain decoupling can be used to accelerate the assessment and to exercise the resilience capabilities of an organization at each stage of the compromise simulation.
- Retained Red Teaming — The GDS Red Team can be placed on retainer to launch a set number of unannounced, targeted campaigns over an agreed period of time. These campaigns effectively exercise an organization's detection capabilities and incident response processes. This model relies on evolving TTPs to repeatedly attack the organization at unexpected times using emerging and effective methods.
- Rebel Team (Blue Team Integration) — Working closely with members of the organization's internal blue team, stages in the attack path are simulated to confirm that the appropriate detection mechanisms are effective. This activity simulates each stage of a goal-based compromise to validate an organization's security controls. Advanced know-how, toolkits, and methods are shared with the organization as they are used at each stage of the attack path. This model is well suited to determining whether it would be possible to catch an attacker after an initial compromise.