Red teaming
Red Teaming bedeutet, dass wir uns in Ihr Netzwerk einhacken, um mit Ihrem Blue Team zusammenzuarbeiten und die neuesten Hacking-Techniken zu erlernen und zu adaptieren. Wie gut funktionieren Ihre Verteidigungsmaßnahmen gegen gezielte Angriffe?
Die Verbindung zwischen Red Teaming und DORA
Der neue Digital Operational Resilience Act, kurz DORA, verpflichtet die Finanzinstitute in der EU, konkrete Schritte zur Verbesserung der betrieblichen Cybersicherheit zu unternehmen. Eine dieser Anforderungen wird als Thread-Led Penetration Testing (TLPT) bezeichnet, auch bekannt als Red Teaming.
What is Red teaming
Our Red Team hacks your network while trying to stay undetected by your Blue Team. The Blue Team can be your internal, or external security response team or security operations center (SOC).
The goal of Red Teaming is to improve your Blue Team’s capabilities. A closing session with your SOC/Blue Team is always included, where the Blue Team learns where opportunities exist to improve detection and response.
Different from Pen testing
Red Teaming can be seen as a form of Penetration Testing, but it is different in several important ways.
First of all, the goal is different. A pentest aims to find as many vulnerabilities as possible in the shortest reasonable timeframe. Red Teaming projects aim to measure and improve Blue Team capabilities. Like a real attacker, a Red Team has to try to avoid easy detection.
Also, Red Teaming is often based on threat intel, i.e., follows methods known to be commonly used by threat actors.
So, while the techniques used are often similar, Red Teaming and Penetration Testing have different goals and a different approach.