March 24, 2022

Establishing a Red Team — Chapter One

By: Keegan Henckel-Miller


At Randori, we help security teams by unlocking the attacker’s perspective. Red Teaming has long been the gold standard of offensive security, offering an authentic and highly realistic process for organizations to gain a holistic assessment of cyber risk. As more organizations move to adopt more proactive approaches to managing cyber risk, many are considering hiring a red team or investing in establishing a red team capability in-house.

For those unfamiliar with red teaming and without hands-on experience conducting red team operations, establishing a red team can be a daunting and scary task. However, for those who know what’s required and how to find the right talent, adding red teaming to your security arsenal can be transformative. In this new series, our team will guide you through the process of establishing a red team and help you decide if doing so is right for you.

Across five chapters, we will explain:

  • What is a red team?
  • What is the value of red teaming?
  • What’s needed to build a red team?
  • How do I get started?
  • When does it make sense to have a red team?
  • Who do I hire?
  • What should I look for in an applicant?
  • What tools will my red team need to be effective?
  • What metrics should I use to measure effectiveness?
  • Is establishing a red team right for me?
  • What are my alternatives?


In this first chapter, we look at how to begin engaging with red teams and what value they can bring to your organization.

Transcript: 

Hi, I’m Eric McIntyre, Vice President of Hacker Operations at Randori.

The whole point of what we’re doing right now is to help businesses reduce and assess their risk when it comes to their cyber assets. That’s the point of any red team really is to exercise your security program. So you can figure out: where does it have holes, and where can it be improved? 

Being able to measure investments in security has been something that’s been difficult for the industry to do, because the absence of an attack is not an indication of effective security posture. If you want to have a red team function, that’s a function that regardless of the extent to which you do it requires a lot of focus. 

The smallest red team that is really effective would be one person, but that one person would be an individual that would need a wide array of skills. So when you’re starting a red team from scratch, hiring your first red teamer can be a big step for a lot of companies because in the size of our most IT budgets, and FTE is a portion of that. 

For us at Randori, the components that we have are our effective red team is a targeting team, a research team and an attack team. And in general, you can look at each of those components as a component that is essential to any red team. 

So in any red team, you’ll have some necessity to do research activity where you have some expertise in finding vulnerabilities, analyzing vulnerabilities, that are out in the public and then building the tools and capabilities around those vulnerabilities to actually exercise some kind of an effect in the network. You also need a targeting team. Your targeting team is going to be your intelligence analysts. These are people who are able to identify targets within your network and who are able to look at network activity and determine whether a vulnerable system exists or not. And then you need an attack team. An attack team is people who can be hands-on-keyboard, who can look at a network environment and execute the tools that your research team is producing. 

So at Randori, our three teams come together to form all the functions of effective red teaming in a way that you can leverage across all of our customers. So if we have a certain set of targets that we see that our targeting team can identify and dig in on and report that to our research team who can then develop novel techniques and exploits against those targets and then provide that as a toolset to our attack team. You have a lot of individuals working for you when you have a Randori red team experience that would be really expensive to recreate on an individual company’s basis and is outside of the range of what most companies could afford to build in-house. 

A lot of corporations we see run similar in-house applications. And so there’s a lot to be gained by leveraging the commonalities and having a red team that’s looking across the board at everything that’s happening in the industry. 

From our perspective, it’s not about just providing you some level of attack. There are two primary benefits of having a red team. One is the ability to test your ability to detect attacker activity. You have this security program that you’ve invested a lot of money in. Not a lot of people have the ability to test the effectiveness of all of their investments.

Look at what just happened with Log4j: the top targets that we found in Log4j affected a really wide range of our customers. And so when we were able to develop the tooling and exploitation around those targets, we were able to apply that to a number of customers simultaneously. So they could all see whether their systems were in fact patched or if there were some that were forgotten. Or what the result of exploitation was — whether their teams were able to detect that and recover it.

So when you have a red team activity, you get to see the feedback loop of how far an attacker is going to get in your network before it starts triggering some of your defenses. Or where attackers find holes in your defenses and where you can improve the defenses that you have. 

Tune in on Wednesday, April 6th for part 2, where we’ll discuss the business case for red teams. 
