Beyond vulnerability scanning: Enhancing attack surface management for more proactive security



Everything you need to know about using automated red teaming to get your defenses ready for any attack.

What Is Continuous Automated Red Teaming (CART)?

With cyberattacks on the rise, understanding the efficacy of your security program is critical. Periodic tests are not enough, as new threats like the Log4j vulnerability arise every day. You must conduct ongoing testing of your defenses, so you know where you stand. That’s where CART comes in.

What is CART?

CART is a new technology category that provides security teams with an ongoing ability to emulate advanced adversaries and stress test their defenses. Backed by experts with decades of experience in offensive security, it’s always up-to-date, programmed with the latest threats, and constantly evolving to provide you with the most realistic testing experience.

How Is CART Different from Penetration Testing?

Penetration testing is a regular part of many security teams’ strategy. It involves manual, point-in-time testing by security teams or outside experts in which they attempt to penetrate the system to identify vulnerabilities. While this can be effective at identifying specific gaps in an application or network, unlike real adversaries, it’s highly constrained, planned in advance, and, due to its manual nature, instantly out of date. CART, on the other hand, has the following advantages.


Unlike pen-testing, which takes up large amounts of security teams’ time, CART is automated. A CART solution runs constantly, often without any installation required.


Rather than being point-in-time, CART is continuous, running all the time to test your defenses against the latest attack techniques. That means your knowledge about your system’s strengths and weaknesses is always up-to-date.


With pen-testing, your team is only testing certain applications. If they can’t break into these applications, they’ll assume the system is secure. But real attackers won’t give up so easily, and neither will CART. If it doesn’t get in through one application, it will look for other openings and keep trying, just like real hackers do.


Pen-testing only tests methods that teams assume attackers are likely to use. But these assumptions might not be the only techniques hackers are using in the real world. CART solutions have built-in insights into the most recent techniques, and they put these to use, so you’ll know how your system would respond to a real attack.

How CART Works

Perform blackbox reconnaissance

CART provides authenticity from the start. Just like real attackers, a CART solution uses blackbox reconnaissance. That means you only need to provide minimal information, like a business email address.

Define the scope

To know what needs to be tested, you need to know what’s on your external attack surface, what’s visible to attackers. The problem is, 30% of internet-facing assets are unknown to security teams. Deploying an attack surface management (ASM) solution will help you discover everything on the surface so you have a clear idea of the scope.

Authorize targets for attack

Once you’ve identified likely targets, authorize them for attack. The CART solution will only attack authorized systems, so you won’t need to worry about unexpected disruptions.

Continuously identify opportunities

A CART solution is constantly updated with the latest threat data, so it can easily identify new opportunities for attack. It doesn’t just rely on one attack method and then assume the system is secure if it can withstand it. It uses new techniques as they come about.

Launch real world attacks

When the CART solution recognizes new opportunities, it launches persistent attacks against authorized systems. This emulates the methods real attackers are using, so you’ll know if you’re truly prepared for an attack.

Prioritize risks and recommend remediations

Not every area that is vulnerable to attack is a high priority. How high priority it is depends on what attackers could get from it. The CART solution prioritizes areas for remediation based on risk, so you can protect what’s most valuable first.

Check out the Ultimate Guide to Risk Based Vulnerability Management to learn more about prioritizing risks.




Why Is CART Critical to Your

We’ve shown you how CART works, so now let’s look at why it’s so critical to your business. Only a CART solution can provide you with ongoing testing of your program’s efficacy and operational resiliency.

Benefits of CART

Continuous attack surface discovery and monitoring

You need to be aware of all the exposed assets on your system to make sure they’re adequately protected. CART is most effective when integrated with an ASM solution. ASM takes an attacker’s perspective and finds every asset on your system, even the ones you didn’t know about. It continuously monitors these assets and the risks they pose.

Ongoing assessment of security controls

If you only assess your security controls periodically with pen-testing or red teaming exercises, you may be leaving your system vulnerable. CART provides ongoing assessment so you’re instantly aware of any shortcomings. 

Realistic testing of detection and response capabilities

It’s crucial to understand how well your teams would respond to a real attack. By using authentic methods, CART tests detection and response, so you’ll be sure to be ready if an actual attack occurs.

Real time validation of security improvements

Your security posture may be strong at the time you conduct red teaming exercises, but you don’t know how long it remains that way. With CART, you can put your security posture to the test in real time.

Satisfies compliance requirements

Failing to meet compliance requirements can result in fines even if you’re not attacked. For example, if customer data is exposed, it might not be exploited, but you could still be in violation of compliance. Using CART to test your system, you can ensure nothing is accidentally left open to the internet.

Can Prove ROI of security investments

If you’ve expanded your security budget to add new tools, you’ll want to verify that it was worth the investment. When you use CART to emulate realistic attacks and it fails to get through or you’re able to remediate the breach quickly and easily, you’ll be able to justify the cost of your solutions.

Use Cases for CART

There are many ways you can put CART to use in your organization.

Security Preparedness

Ensuring compliance

Compliance steps are easy to miss, with 32% of employees admitting they couldn’t even find relevant information on how to meet the obligations. Using automated solutions helps uncover common human errors so you’re not unknowingly breaching any regulations.

Security testing

CART allows you to test the security of your system continuously, without overburdening security teams.

Controls validation

You’ll want to be sure your security controls are effective, and validate that they’re necessary. CART solutions make this easy.

Risk Assessment

CART helps you more accurately assess your risk to real world attacks so you’ll know what to prioritize.

Testing Defenses

Penetration Testing

Using a CART solution is like doing constant penetration testing. It can be set to attack any application you authorize it to, and it does this continuously rather than at a single point in time.

Red Teaming

CART can be used alongside red teaming exercises to provide insights into attack methods and what’s vulnerable to attack.

Purple Teaming

Purple teaming is when red and blue teams collaborate so that both sides gain a more thorough understanding of both attack and defense methods. CART can act as the red team for your defense (blue) teams.

Breach & Attack Simulation

CART solutions can be used in a similar way to breach and attack simulation, and they’re more thorough as they actually emulate real attackers rather than relying on predefined conditions.


Testing defense teams’ understanding of the adversary

Evaluating the data from a CART solution gives your defense teams a clearer understanding of what they’re up against.

Learning the impact of various forms of attack

Since CART uses a variety of methods that real hackers use, you can see the impact that different forms of attack have on applications—all in a controlled environment.

Choosing a CART Solution

Most security teams understand the need to test their defenses, but choosing the best solution can be a challenge. Here’s how CART stands up against other solutions.

CART vs. Penetration Testing

Pen-testing only tests certain applications, which means its scope is limited. It’s impossible for teams to test everything. And even if the applications they test prove to be secure at the time, that doesn’t mean they’ll be secure in the future. The results are instantly out of date.

CART provides continuous testing using the latest information. And because it’s automated, it doesn’t take up security teams’ valuable time. It finds weaknesses when they occur, so you’ll have a more accurate assessment of your security.

CART vs. Red Team Service

Hiring outside red team service providers gives you an authentic test of your defenses, but it’s costly. It also causes business disruptions as some systems will need to go down as the tests are conducted. In addition to this, it has the same downside as pen-testing—it’s only done at a point in time. What’s secure one day might not be secure on the next.

CART acts like a red team that’s constantly available. It’s more cost-effective in the long run and won’t require downtime. Most importantly, the results are always informed with real-time threats.

CART vs. Blue Teams

A blue team focuses on defense; red teams focus on the attack. CART won't eliminate the need for your blue teams; it will ensure that they stay sharp and focus on what's most important.


Breach and attack simulations (BAS) rely on a predefined set of controls and assumptions, which may not be accurate in the real world. BAS may provide a false sense of security because your system may withstand its attacks, but it doesn’t use a true external perspective.

CART, on the other hand, is constantly adapting. It doesn’t come with a predefined set of actions. With nothing more than an email address, it can discover opportunities for attack on your system, just like a real attacker would.

Requirements for a CART Solution

An effective CART solution should have all these key features.

Attacker’s Perspective

To be authentic, a CART solution needs to come from an attacker’s perspective. It should give a view of your external attack surface as it appears to hackers and find all the opportunities to breach your defenses. It should also be built by experts with real-world experience conducting offensive operations, not just penetration tests.

Agentless Deployment

The best CART solutions will be agentless. Just like a real adversary, a good CART solution should not require you to install anything or have set controls. With only an email address, it should be able to get started. Leading CART solutions will provide an agent security teams can use to simulate an intrusion – but it should not be required to add value. 

Integrated Attack Surface Discovery

To make sure you’re protecting your most valuable exposed assets, you need to be aware of them. An ASM solution ensures that you discover everything on your system, including shadow IT. Leading CART solutions integrate with ASM to gain a complete perspective on your attack surface.

Ongoing Risk Assessments

CART must be continuous because of the changing nature of both your system and hackers’ methods. It should test constantly for anything that’s added to your attack surface and assess any weak points using the latest techniques – providing an ongoing assessment of an organization’s risk profile.

Regular Reports on Effectiveness

While it’s automated, your teams still need to regularly benchmark and evaluate their overall effectiveness in a way that can be easily understood and communicated to outside stakeholders and business leaders. A good CART solution provides not only real-time insight into activity, but regular and periodic reports on effectiveness and key risks, so that security teams can demonstrate improvement over time.

Executive Reporting

Finally, CART solutions should include rich, on-demand executive reporting to provide CISOs, CIOs and the Board of Directors with high-level reports on how the security team is performing, the effectiveness of controls and the current risk profile.


With the sophisticated attack methods emerging today, it’s crucial to test your defenses in a realistic and ongoing manner. While security teams must meet compliance requirements, they must do so while also finding ways to build resiliency and stay ahead of changing tools, techniques and procedures. CART builds upon penetration testing, enabling organizations to move beyond compliance and begin measuring the effectiveness of their security program through practice.

To be fully prepared, organizations should adopt a broad suite of offensive security technologies – including ASM, BAS/NGPT, and CART.

Randori Recon is the industry’s leading ASM software, the only ASM platform that brings a hacker’s perspective to your attack surface.

With advanced reconnaissance techniques used by real threat actors, it gives you the power to identify, prioritize, and continuously monitor your most valuable exposed assets and risks so you can protect them.

Randori Attack is a CART solution that acts as a constant, trusted adversary. It provides real-world attack simulations that truly put your defenses to the test. The Randori Attack team was among the first to develop a working exploit of Log4j.

Eliminate guesswork for your team and obtain proof of what happens when a weakness is left unaddressed. Gain certainty of the highest risks and their potential consequences.

Are you ready to discover your attack surface and begin testing your defenses against a trusted adversary? Try a demo of the Randori Offensive Security Platform, including ASM and CART, today.

