Red Teaming: creating security clarity
News and information from the Advent IM team.
- by Ellie Hurst
- Advent IM Blog
Thank you to our Red Teaming expert, Ian Warren for his thoughts on the benefits of Red Teaming as part of your Physical Security strategy.
Businesses take the establishment of good policies, procedures, infrastructure and technical solutions, applied in an integrated way, as the means to protect their valuable assets. By taking this approach, businesses generally achieve a security culture that will stand up to scrutiny for a year or two. But is it sufficient to solely rely on the outcome of your business’ planning etc to actually demonstrate good security? Is it really doing what you want it to? Is it appropriate, proportionate and cost effective? And, has the passage of time reduced the effectiveness through the lack of refresh or just staff switching off as the security posture becomes the norm; the comfortable shoes.
It’s fair to say that those businesses that routinely review, audit and test their systems do maintain a good, continuously improved level of security. But how effective is that internal, self-assessment process? Do you really get the big picture, the holistic viewpoint?
Ever thought, ‘What if I can get someone to take a truly independent, but without an inkling of who, what, where and why of the business?’ Is that possible? Well, put simply, yes; Red Team.
Red Team were always the enemy forces when military commanders pitted Red against Blue, the good guys. This exercise approach enabled commanders to test their strategies before putting them into practice on the real battlefield. This testing process has been developed and refined over years to provide testing on realistic, Threat Based, scenarios. Although now, Red Team is a means of testing existing security to aid the audit, review and improvement processes for business in general.
We at Advent have a wealth of experience and talent for examining and testing security systems with this methodology. By looking at the public face of a business through open source research and site reconnaissance for possible vulnerabilities to exploit, we can plan and test a business’s systems and procedures for that totally independent and professional viewpoint.
So what? Well, by having no first hand insight, we delve into open source material, social media and the like, and by taking this approach we’re able to provide a business with areas of concern they may not be aware of, enabling them to review and implement changes that best fits their requirements. Advent will also provide recommendations based on their findings and with their knowledge and expertise in this field, provide the best practice and appropriate guidance to aid those decisions.
Red Team; a game changer? It can be, why not check out our Red Teaming page for further information.