Red Teaming

Red Teaming is a comprehensive security assessment in which 2NS utilizes real-world attacker tactics, techniques and procedures (TTPs) to evaluate the target organization’s security. By emulating a realistic attack scenario, Red Teaming helps to identify weaknesses in the people, processes and technologies used to defend the organization, and thus improves the organization’s capability to detect and react to security incidents.

Red Teaming projects are objective-based, and the goal is to emulate an attacker’s actions in the target environment. The 2NS Red Team can utilize non-technical TTPs such as social engineering or even physical intrusion to meet the goals set for the project. The TTPs utilized in the project are selected based on the project’s goals, such as “Access server x containing business-critical data without alerting the organization’s cyber defense team”. The 2NS Red Team follows industry best practices and the latest threat information and research to emulate a realistic threat actor.

2NS also has experience in conducting Red Teaming projects using the TIBER-FI framework.

Red Teaming Exercise

Simulates how real threat actors would approach your organization as a target
Helps you assess the biggest risks and weak points in your security
Is a good reminder of how complex the combination of physical security and cybersecurity actually is

Benefits of Red Teaming

Proactively test the organization’s response to a targeted attack.
Validate the effectiveness of security controls.
Evaluate the maturity level of the defense.

Red Teaming does not focus on discovering technical vulnerabilities in the target environment. However, vulnerabilities may be used to achieve certain goals set for the project. 2NS also provides services more closely related to vulnerability discovery and assessment, such as Penetration Testing.

2NS provides the customer with a detailed timeline of attack events that can be correlated with the SOC’s timeline to identify gaps in the security monitoring process.

2NS Provides Red Teaming Services Using Two Main Threat Scenarios:

01 Full Engagement Model

2NS performs a complete, end-to-end Red Teaming engagement starting from OSINT and external reconnaissance, with no initial access to the organization’s internal networks provided. The full engagement model usually requires more time than the assumed breach model.

02 Assumed Compromise

In this model, it is assumed that the simulated attacker has some level of access to the target at the start of the project. The attacker’s access can be simulated, for example, using a “stolen laptop”, by providing an initial access password or by launching the 2NS Red Team’s simulated malware that provides command and control. The assumed compromise model can be performed in a shorter period of time than the end-to-end full engagement model.

How Does a Red Teaming Project Work?

Project goals and methods are agreed with the customer.
Our team plans and executes the attacks based on information gathered and given.
Observations from attempted or successful attacks are gathered and reported to the customer.

REFERENCES

CSC

“I warmly recommend 2NS both for individual technical training projects related to information security and for a closer information security partnership as well.”

Urpo Kaila, Information Security Manager – CSC

CableCrew Oy

“The cooperation went so well that from now on we will have our annual audit done by 2NS.” Information security is extremely important to CableCrew because we work with critical infrastructure. Communication was straightforward, and availability was excellent, even outside office hours when needed. Every question was answered by the following day at the latest. Schedules were also communicated in real time.

Satu-Maria Ravelin, HESQ Director – CableCrew Oy

Kehätieto Oy

“Cooperation with 2NS has gone very smoothly. We have received from them the support we need both for staff training and for the security testing of our products. We trust 2NS’s special expertise in information security matters.”

Juhani Ruohotie, Team Lead – Kehätieto Oy