A Red Team challenges an organization by mimicking a real life adversary
Red Teaming helps leaders to improve security, and understand - and address - the risks in every aspect of their business. A Red Team engagement is a uniquely powerful way to make your organization more secure and ready to succeed under the threats of today and tommorow’s adversaries.
Adversaries utilize advanced techniques and tools to breach the security controls of your organization, exploiting any and all weaknesses. Often, these vulnerabilities lay unknown until exploited by attackers.
ACG provides advanced-level Red Teaming, where real adversaries seeking to attack your business are researched, and their techniques customized and applied to your organization. A Red Team engagement at this level truly brings to light all the security issues that need to be addressed. Our team of experts can then, work with your IT and security department to implement solutions and controls to address these vulnerabilities. Success to us is developing a security strategy that makes your organization more proactive and resilient.
During a full engagement ACG will:
- Learn your business and industry.
- Understand your adversaries, and identify the worst case scenario.
- Perform a deep reconnaissance of your digital, physical and social landscapes.
- Identify vulnerabilities and create a plan of attack.
- Attempt (in a secure, controlled way) to breach the security of your organization like a real adversary with techniques including:
- Custom phishing and spear phishing campaigns
- Write custom code to learn and map your network and systems
- Perform a physical (if needed) breach of your premises
- Exfiltrate data and physical assets during premises and network breaches in concurrance with agreed rules of engagement
- Comb social media for information leaks by internal personnel
- Carry out social engineering attacks and employee coercion or executive targeting
- Mimic an insider threat
During these engagements, the organization’s responders (SOC, CIRT, etc) are also evaluated, as all plans and policies are stress tested.
At the end of the engagement, the ACG team will craft a detailed report recommending immediate remediation actions and technical solutions. We'll also work with your team to implement an ongoing adversarial mindset to take your security to the next level.