The Skopos approach to red teaming
Red teaming is an approach to test an organizations cyber defenses. The type of test will be based on a threat analysis. For a bank this will be different than a utility provider.
The red team acts like hackers. The objective is to gain access to valuable assets like data. Red teams use the same tools and techniques like hackers. This can be social engineering, scanning and exploiting vulnerabilities, gaining access via wifi or internal systems. Once the red time finds vulnerabilities, they will exploit these and demonstrate where the existing controls failed and what can be improved.
Four main different techniques
At Skopos we offer our capability based on four different techniques: remote access, social engineering, phishing and perimeter:
At Skopos once we finish executing the red team approach, we directly spend time with the key stakeholders to review the results and apply lessons learned.
We apply the following approach to red teaming: start with initial recon, this is where we gather information about, for example: systems, networks and people. We will set up a game plan and gain initial access into the target organization. Once a beachhead is establish we will strengthen our base. From this basecamp we will then explore other branches to increase out hold on the organization. Finally we will transfer valuable information out of the organisation and hide our tracks.
•Is critical data at risk
•How easily it may be obtained by a malicious actor
•Assess the security of the environment against a realistic attacker without negative consequences like bad press
•Ability to prevent, detect and respond to incidents in a controlled and realistic environment
•Identify and mitigate security vulnerabilities before an attacker exploits them
•Fact-based risk analyses and recommendations for improving security controls and systems.
Contact firstname.lastname@example.org for more information.