Development and operations a practical guide


Joe Vest, James Tubberville, Red Team Development and Operations
Announced Red Team Engagement
The organization (or at least the security operations team) has the knowledge that an engagement is underway.
This can impact an engagement in the following ways.
An organization may increase security, patch systems, change passwords, or otherwise prepare for a known attack. This can have a dramatic impact on the results.
Planning can include all key members of an organization. This helps ensure the critical assets are included, and the Red Team goals can be set accordingly.
Fears of a rogue Red Team can be dealt with early through effective communication.
This typically leads to a more in-depth engagement where risks can be explored with well-planned rules of engagement.
Unannounced Red Team Engagement
The organization (especially the security operations team) does not know that an engagement is underway.
This can impact an engagement in the following ways.
An organization will act and respond as it would on any given day. This provides very realistic results by measuring the actual posture of security operations.
Fear of the unknown causes some organizations to react with the “sky is falling” mentality. This fear may cause unintended self-inflicted damages if policies and procedures are not followed.
Goals and targets may not be included in the planning. When only a small number of an organization's team is part of planning, critical assets may be missed and not included in the scope. This oversight can cause an engagement to lose focus on areas that may expose an organization to considerable risk.
How To Decide?
The following two tips can be used to answer the question about choosing announced or unannounced.
If the overall goal is to measure the effectiveness of an organization’s security operations, start the planning with an unannounced engagement. Even with the limitations, the results will be the most accurate and realistic in terms of understanding a threat’s impact.
If the overall goal is to measure the effectiveness of a specific capability, tool, process, or technology, start the planning with an announced engagement. When goals are specific or targeted, including the defenders can ensure the scope and rules are adequately designed to achieve the desired results.
