Red Team exercise methodologies: phases and tactics » intelfindr


Red Team methodologies

The Red Team methodology allows cybersecurity professionals to simulate attacks against organizations and help improve their resilience to real incidents.

In team sports such as soccer or basketball, it is common for coaches to pit their starting line-up against their substitutes in preparation for championships, to make sure they are able to beat their real opponents when the time comes.

This sports strategy is mirrored in cybersecurity by Red Team exercises, an offensive security service that allows organizations to undergo simulated attacks in order to improve their detection and response capabilities and prepare to handle real incidents.

As with other exercises such as advanced penetration testing, the Red Team methodology has a series of phases, from intelligence gathering to evaluation of the results.

All phases of the Red Team methodology must be carried out with stealth, avoiding raising alarms in the organization's defensive systems. It is also useful to take the MITRE ATT&CK framework as a reference for classifying the attack techniques employed.

In the following sections we explain the keys to the Red Team methodology and the benefits this service can bring to organizations.

What are Red Team exercises?

A Red Team exercise aims to simulate the behavior of an adversary or malicious actor whose goal is to compromise an organization in its broadest sense. That is, to attack and undermine:

  • Corporate technology.
  • The people who are part of the organization.
  • The procedures the company has in place.

Unlike other cybersecurity services, Red Team exercises are carried out with the utmost discretion, since their purpose is to make the professionals responsible for the organization's defense believe they are facing a real attack.

For this reason, only management is aware of the exercise. They are responsible for setting the objectives to be met and the characteristics of the scenario the Red Team members will work on.

Phases of the Red Team methodology

To systematize the tasks to be carried out, the Red Team methodology consists of seven main phases:

  1. Intelligence. All the information that may be useful for the Red Team exercise is gathered, and from it, intelligence of real added value is produced.
  2. Detection of weaknesses. The organization's infrastructure vulnerabilities and the weaknesses in its security perimeter are analyzed.
  3. Exploitation. Based on the information from the two previous phases, the weaknesses detected are exploited and control of corporate assets is taken.
  4. Lateral movement. The Red Team proceeds to move through the company's internal network without being detected.
  5. Privilege escalation. Red Team professionals gain full control of the company's infrastructure through privilege escalation.
  6. Persistence. The cybersecurity professionals establish backdoors that allow them to maintain persistence in the corporate network and achieve the agreed objectives: encrypt or exfiltrate data, simulate a ransomware deployment, carry out a DDoS attack…
  7. Evaluation. All the information generated during the Red Team exercise is systematized and analyzed to:
    • Evaluate the capabilities of:
      • Detection
      • Containment
      • Recovery
    • Develop an improvement plan so that the company can increase its resilience to cyber-attacks.

What are Red Team scenarios?

We mentioned earlier a key element of the Red Team methodology: scenarios. But what exactly are they, and why are they so important? Red Team scenarios describe how a Red Team exercise should be carried out, from the origin of the attack to the final objective, including all the intermediate or additional milestones (flags) that it may be of interest to reach.

When designing a Red Team scenario, it is essential to determine the malicious actor the professionals will simulate (remote attacker, competitor, disgruntled employee, etc.), the intrusion vectors to be used and the objectives of the exercise. In other words, Red Team scenarios are a roadmap agreed in advance between the organization and the cybersecurity professionals.

A common Red Team scenario might be to break into corporate systems from the perimeter or with credentials from a compromised vendor. It is also common for companies to opt for a ransomware simulation, as attacks using this type of malware have become a constant in recent years.

The catalog of Red Team scenarios is very broad: physical intrusion, theft of corporate equipment, supply chain attacks, social engineering… In addition, it is common to set additional flags such as access to confidential information, exfiltration of strategic information, disabling the backup system or compromising the cloud infrastructure.

Tactics and techniques of the Red Team methodology

When applying the Red Team methodology, it is possible to use tactics, techniques and procedures (TTPs) known to be used by real-world adversaries. However, it is also possible to choose more novel tactics and techniques. In any case, the ultimate goal is always to help the organization improve its defensive posture by:

  • Identifying opportunities to improve detection and response capabilities.
  • Training security personnel to respond to real incidents.

For this purpose, the MITRE ATT&CK framework is commonly used to classify offensive actions and map them against the organization's detection capabilities. In addition, the experience accumulated by the team conducting the exercise plays an essential role in enriching the Red Team methodology.

In the case of Tarlogic's BlackArrow team, all the expertise accumulated over the years by its professionals in OpSec and evasion of detection measures has allowed it to develop its own Red Team methodology, which is effective in meeting the objectives of the exercises and strengthening the resilience of companies.
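As an added example (not code from the original article, nor from Tarlogic or BlackArrow), the following Python script shows what the ATT&CK mapping described above looks like when it is turned into the figures the evaluation phase needs. Each Red Team action is tagged with the ATT&CK technique it maps to and with the phase of the methodology it belongs to; each SOC alert is tagged with the technique its detection rule covers. Pairing the two gives detection rate, time to detect, time to contain, the list of techniques that went unnoticed and a per-phase breakdown, which are the raw inputs of the improvement plan. The timeline, alerts, timestamps and phase labels are constructed assumptions; the technique IDs are real ATT&CK identifiers used only as labels.

```python
"""Added example, not part of the original article: scoring a Red Team
exercise timeline against the MITRE ATT&CK technique IDs recorded for
each action, to produce the detection and containment figures the
evaluation phase needs. The timeline and alerts below are constructed."""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Action:
    ts: datetime
    phase: str        # phase of the methodology the action belongs to
    technique: str    # MITRE ATT&CK technique ID the action maps to
    note: str


@dataclass(frozen=True)
class Alert:
    ts: datetime
    technique: str                 # technique the detection rule is mapped to
    contained: Optional[datetime]  # when the defenders contained it, if ever


def _t(hhmm: str) -> datetime:
    """Helper: clock time on a single, assumed exercise day."""
    hour, minute = hhmm.split(":")
    return datetime(2024, 5, 6, int(hour), int(minute))


# Constructed Red Team timeline: the technique IDs are real ATT&CK IDs,
# the events, times and phase labels are invented for the example.
ACTIONS = [
    Action(_t("09:00"), "exploitation", "T1566.001", "phishing mail with macro document"),
    Action(_t("09:40"), "exploitation", "T1059.001", "PowerShell stager executed"),
    Action(_t("10:15"), "lateral movement", "T1021.002", "SMB admin share on file server"),
    Action(_t("11:05"), "privilege escalation", "T1003.001", "LSASS memory dumped"),
    Action(_t("12:30"), "persistence", "T1053.005", "scheduled task backdoor"),
    Action(_t("13:10"), "persistence", "T1486", "flag: encrypt the test share"),
]

# Constructed defender alerts, already mapped to ATT&CK by the SOC.
ALERTS = [
    Alert(_t("09:52"), "T1059.001", contained=_t("10:30")),
    Alert(_t("13:25"), "T1486", contained=None),
]


def match_alerts(actions, alerts):
    """Pair each action with the earliest alert on the same technique
    raised at or after the action; unmatched actions are detection gaps."""
    results = []
    for act in actions:
        def minutes(later):
            return int((later - act.ts).total_seconds() // 60)

        candidates = [a for a in alerts if a.technique == act.technique and a.ts >= act.ts]
        hit = min(candidates, key=lambda a: a.ts) if candidates else None
        results.append({
            "phase": act.phase,
            "technique": act.technique,
            "detected": hit is not None,
            "ttd_min": minutes(hit.ts) if hit else None,
            "ttc_min": minutes(hit.contained) if hit and hit.contained else None,
        })
    return results


def summarize(results):
    """Coverage figures and the gap list that feed the improvement plan."""
    detected = [r for r in results if r["detected"]]
    contained = [r for r in detected if r["ttc_min"] is not None]
    ttds = [r["ttd_min"] for r in detected]
    by_phase = {}  # phase -> (actions detected, actions performed)
    for r in results:
        seen, total = by_phase.get(r["phase"], (0, 0))
        by_phase[r["phase"]] = (seen + int(r["detected"]), total + 1)
    return {
        "detection_rate": len(detected) / len(results),
        "containment_rate": len(contained) / len(results),
        "mean_ttd_min": sum(ttds) / len(ttds) if ttds else None,
        "gaps": [r["technique"] for r in results if not r["detected"]],
        "by_phase": by_phase,
    }


if __name__ == "__main__":
    rows = match_alerts(ACTIONS, ALERTS)
    for row in rows:
        print(row)
    print(summarize(rows))
```

With the constructed data, only the PowerShell stager and the encryption flag were detected, so the gap list names the phishing, lateral movement, credential dumping and scheduled-task techniques, and the per-phase breakdown shows that nothing in the lateral movement or privilege escalation phases raised an alert. Those are exactly the rows a practitioner would carry into the improvement plan; in a real exercise the alert list would come from the SOC's ticketing or SIEM export rather than from an inline list.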

Benefits of Red Team exercises for companies

Taking into account what we have pointed out throughout the article, we can conclude that conducting Red Team exercises allows organizations to:

  • Prepare for real attacks.
  • Gain a realistic understanding of the actual risk of attacks and security incidents.
  • Detect weaknesses in their attack detection and containment capabilities.
  • Comply with new regulatory frameworks such as TIBER-EU and the DORA regulation, which incorporate Red Team exercises (threat-led penetration testing, TLPT) as a tool to assess organizations' resilience.

In short, companies wishing to increase their resilience to cyber-attacks should commission Red Team exercises from teams with extensive experience and a Red Team methodology that has been refined thanks to the knowledge accumulated by carrying out this type of exercise. In this way, they will be able to assess their detection and response capabilities and obtain an improvement plan that will allow them to strengthen their security posture.
