Penetration Testing: A Road Map for Improving Outcomes

As cybersecurity incidents grow more sophisticated, assessing a security posture effectively requires that testing activities emulate the tools, tactics, and procedures real-world adversaries actually use.

Red teaming (or offensive) cybersecurity exercises take traditional penetration (pen) testing a step further by simulating real-world attacks that replicate adversaries' tactics, techniques, and procedures (TTPs). For one thing, a red-team engagement takes a zero-knowledge approach: the wider organization isn't notified about the testing ahead of time, and the red team isn't supplied with any prerequisite information about the organization.


By acting as an adversary trying to bypass an organization's security controls while avoiding detection, the red team identifies ways the organization could be compromised through real-world TTPs. It also assesses how well the organization can identify, manage, and resolve attacks or incidents in line with best practices and its incident response plans and procedures.


How to Improve Penetration Testing

Typically, a penetration test follows a predefined, approved, and time-boxed methodology. The organization defines which assets should be tested, and the resulting report highlights the security issues or vulnerabilities found on the in-scope assets.


Traditional penetration testing is a core element of many organizations' cybersecurity efforts because it provides a reliable measurement of the organization's security and defense measures. However, because a client can classify assets as out of scope, a pen test may not give an accurate read on the organization's full security posture. And because the pen-testing approach, authorization process, and testing ranges are defined in advance, these assessments may not measure an organization's true ability to identify and act on suspicious activity and traffic.


Ultimately, placing restrictions on a test's scope or duration can harm the tested organization. In the real world, neither time nor scope is of any consideration to attackers, meaning th ..
