Red Team Assessments
In cybersecurity, a penetration test involves ethical hackers trying to break into a computer system, with no element of surprise. The blue team (defending team) is aware of the penetration test and is ready to mount a defence.
A red team goes a step further and adds physical penetration, social engineering, and an element of surprise. Social engineering involves manipulating people into performing actions or revealing confidential information. The blue team is given no advance warning of a red team engagement and will treat it as a real intrusion. The goal is to test the organization’s detection and response capabilities. The red team will try to get in and access sensitive information in any way possible, as quietly as possible.
If you have already patched your organization’s vulnerabilities to a reasonable extent, then Credence DigiSec’s red team assessments are the way forward for an even more advanced
A red team assessment is an intense form of penetration testing on the entire defense system of the organisation. The approach is similar to penetration testing; however, the execution methodology differs, as a red team assessment focuses on a limited number of vulnerabilities, or even a single one, and repeatedly tries to exploit it in different ways through intense, targeted attacks.
The methodology involves a simultaneous attack on the defenses of:
- Technology: Routers, applications, network, switches etc.
- People: Employees, vendors, contractors/sub-contractors, high-risk functions etc.
This approach is expected to far exceed the remit of traditional security testing. It challenges the effectiveness of technology, personnel and processes to detect and respond to a highly targeted attack conducted over an extended period of time.