First, let’s discuss what red teaming actually is. Red teaming is simply an undercover operation that involves a team or person attempting to enter a facility as any other normal person (employee or customer) would. The goal is to see if it’s possible to get past physical security controls to evaluate how secure a facility is. Though often used interchangeably, the terms red team testing and penetration testing actually have different meanings. Penetration testing is a type of manual testing that is typically conducted independently of a vulnerability assessment and used to help test the effectiveness of an organization’s vulnerability management program and associated controls within a defined scope. Red teaming projects differ because they are heavily focused on emulating an advanced threat using stealth.
Setting up your red team test
If you’ve determined that red team testing is something you want to proceed with, the first step is setting up a foundation for success. Since the goal of red team testing is to see if it’s possible to get past physical security controls, it’s essential that everyone is clear on what will be tested, what needs to take place in order for testing to occur, and what will happen in the event that response actions get triggered.
Before getting started, ensure that there is a written statement of work (SOW). This document should specifically define what will be tested, what the goals of the test are, and how the test will be carried out. Furthermore, this contents of this document should be clearly communicated with all appropriate personnel so that no one is taken by surprise and there are no legal ramifications. This will protect the individuals conducting the assessment, and clarify all protocols and goals for the organization being evaluated.
If at all possible, contact local authorities to notify them that a red team test is going to be underway. Clarify when and where the test will take place to ensure that security specialists are not in danger of legal ramifications for breaking and entering. This is extremely important because during physical penetration testing against critical infrastructure or other secure facilities, someone breaking in, even if conducted during an authorized test, may trigger response actions and may still be considered a compliance violation. Create a plan of action prior to getting started to help de-escalate or mitigate risk ahead of time.
Conducting a red team test
Red team assessments start with research. The goal is to discover as much information as possible about the target to learn about the people, technology, and environment that is being tested. This allows security professionals to identify weaknesses to build and acquire the right tools for the engagement. Additionally, it allows professionals to gain a deeper understanding of infrastructure, facilities, and employees to better discern the target and its operations.
Once weak points have been identified, the red team will take action to exploit said weaknesses and attempt to penetrate the facility. Weak points can be anything from unfit security guards, accessible entry points, or confidential documents in view of external personnel.
Using information from red teaming
One of the largest benefits of conducting red team testing is the increased insight companies gain from testing. Identifying areas for improvement allow companies to increase security measures and tighten protocols where necessary to maintain the highest security standards for intellectual property, assets, and employees. By taking the time to identify continuous improvement strategies, organizations create a safer work environment and reduce risk for all associated parties.
With this said, it is important to note that red team testing should be conducted regularly at different points in time to maximize the effectiveness. One test is beneficial, but as environments change and adapt to various factors, (both internal and external) security measures change as well, which requires continual monitoring.