What is red teaming?

A red team’s mission is to emulate the tactics, techniques, and procedures (TTPs) used by real adversaries. OmniCyber intends to provide real-world scenarios and hard facts on how a company will respond, find gaps within a security program, identify skill gaps among employees, and ultimately improve the company’s security posture. It is not as methodical as a penetration test because it is run as a real-world attack, so each engagement can differ significantly: some might focus on obtaining personal or banking information, while others might focus on obtaining domain administrator privileges.


Many companies now have a security budget that allows for vulnerability management programs, multiple penetration tests, SOC teams, and incident response, yet breaches still happen to these large, mature companies. So, what if attackers came to your company using the same real-world tactics? How would you detect them, how long would it take, and could you work out what they did?

This is the goal of a Red Team engagement.

At OmniCyber we follow the MITRE ATT&CK® framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It consists of PRE-ATT&CK and ATT&CK tactics. Some of the main uses of MITRE ATT&CK® are:


  • Test controls and their efficacy
  • Ensure coverage against different techniques
  • Understand gaps in visibility or protection
  • Validate the configuration of tools and systems
  • Demonstrate where different actors would be successful or would be caught in the environment
  • Avoid guesses and assumptions with controls by knowing exactly what is detected or mitigated and what is not

Together, PRE-ATT&CK and ATT&CK Enterprise form the full list of tactics, which roughly aligns with the Cyber Kill Chain. PRE-ATT&CK mostly covers the first three phases of the kill chain: reconnaissance, weaponization, and delivery. ATT&CK Enterprise aligns well with the final four phases: exploitation, installation, command & control, and actions on objectives.
