Most information security assurance programs analyze the security posture of an organization’s people, process and technology. Structured security assurance assessments usually focus on a particular network, application, system environment, technology, facility, set of policies, controls or audience. These types of assessments are effective for identifying vulnerabilities, flaws and other deficiencies that may render organizations vulnerable to compromise. While it is extremely important to conduct these types of security assessments, they don’t always identify the kinds of subtle gaps in awareness, policies, process and control that are often identified and exploited by attackers. Because of this, two of the most effective information security assurance testing formats are the Penetration Test and the Red Team Test.
Penetration and Red Team testing studies simulate real-world attacks and are designed to challenge an organization’s security controls in the same way that an actual attacker with adversarial intent might. These studies focus on identifying the kinds of weaknesses in security posture that could be leveraged by an attacker to successfully compromise an organization. Penetration Tests and Red Team testing studies begin with an open-source reconnaissance sweep and the collection of data relating to the organization being studied. The potential attack surface can include a business’s wired, wireless and mobile corporate computing infrastructure, facilities, partners, personnel, their social networks and the like. The data is then analyzed to identify potential attack vectors. Attack scenarios and targeted exploits are then designed and delivered against the organization. The goal of these studies is to:
To measure and improve our clients’ overall cyber security posture and to establish a clear understanding of the security status of client data and computing assets, Critical Defence offers a comprehensive suite of Penetration Tests and Red Team Testing studies. The primary purpose of these studies is to provide third-party validation of the targeted organization’s cyber security posture while also determining whether unauthorized intruders could bypass currently deployed security measures and access the internal network, systems or system information considered sensitive or confidential.