extended period, and position themselves in ways a real threat would use to cause severe damage to an organization. They are also able to emulate actual threat activities and timelines. In this model, what happens if the team is not detected? The team can use operational impacts. These are the steps taken to impact an organization to elicit a response directly. A Red Team can expose their activity just enough to cause a reaction from security operations. Red Teams can turn their activity up or down as needed to expose only what they want. They can provide the defenders an opportunity to learn, provide metrics and measurements to management, and maintain access to conduct future operations.

Continuous operations come at the cost of time, effort, and money and take more resources than any other testing type. Mature organizations or organizations with serious threats are the best candidates for continuous operations.

Engagement Notifications

When planning a Red Team engagement, a decision about whom to inform must be made. Will only a few trusted individuals know their network is under attack? Or will the organization as a whole be aware? Neither option is better than the other. The decision of notification is based on engagement goals or the engagement type. In the case of Red-on-Blue exercises, the decision is easy. Everyone knows. A choice must be made when performing a Red Team engagement against a live, active target. This decision can have a considerable impact on the results and must be made carefully.