Development and operations a practical guide



Joe Vest, James Tubberville, Red Team Development and Operations
Remember This
Red Teams are used to measure the effectiveness of the people, processes, and technology used to defend a network, to train or measure a Blue Team (defensive security operations), and to test and understand specific threats or threat scenarios.
We’ve described what Red Teams do, but let’s give them a definition to add to our common lexicon.
A Red Team is an independent group that, from the perspective of a threat or adversary, explores alternative plans and operations to challenge an organization to improve its effectiveness.
Red Teams perform actions during a Red Teaming engagement as outlined by the Rules of Engagement (ROE). We will discuss these rules in detail later. For now, think of them as a guide a Red Team uses for how it should conduct its actions. Red Teams are independent groups that are technically skilled and capable of executing a threat-based plan safely and professionally.
We keep describing Red Teams as independent. Why? As discussed, many organizations or groups have significant biases and assumptions based solely on unproven or unconfirmed information. An independent Red Team, unobstructed by the biases of the target, can provide a clean review, fresh perspective, and accurate assessment of how a threat may cause an impact on various business functions. This team may be an external consultant or an internal team managed and operated separately from the rest of the organization. Independent reviews are invaluable in determining real-world risks and consequences and are a key component of Red Teaming.
Consider This
Independent Red Teams are invaluable in determining real-world risks and potential impacts.
Independence allows the Red Team to accurately review or assess while limiting many of the biases and assumptions of the target.

What is the difference between a Red Team and a real-world attacker? A Red Team will provide a report, or other deliverables, with the goal of understanding threat-based risks. Organizations that use Red Teams effectively do not need to wait and learn from a real-world breach. Red Teams are beneficial in analyzing systems for security weaknesses that may not be known or understood. The mindset and thought processes used by a professional Red Team Operator can break through common assumptions that severely weaken a system's security. Red Teams ask the "what if" questions to challenge system defenses at their core. Effectively using Red Teams can bring to light security flaws that have plagued a system for years and allow an organization to develop highly effective mitigating solutions.
Although there are tremendous benefits to Red Teams, they can be challenging to use. They are commonly used in name only. The activities performed during an engagement are no more than a vulnerability test or penetration test. The output may be something as simple as a list of findings. Red Teams must be able to think and act like the threat being portrayed. These engagements could be a gloves-off, advanced threat, or limited actions to emulate a single or straightforward threat. We will discuss how to do this by "adjusting the volume" of attacks and Indicator of Compromise (IOC) management later. For now, understand that a Red Team must operate within its rules and boundaries and focus on goals outlined in the engagement plan.
Red Teaming is about the overall story. Red Teams can document vulnerabilities and weaknesses identified during an assessment but focus on the whole story of the attacker throughout an engagement.
