Red Team Assessments
What are Red Team Assessments?
Red Team Assessments evaluate organizational preparedness, including technical prevention controls, detection capabilities and incident response planning. Generally executed with only executive awareness, Red Team Assessments involve extensive manual testing that attempts to access a company’s environment by breaching technical and physical security controls using tactics, techniques and procedures (TTPs) commonly used by adversaries.
Red Team Assessments: The Why and When
Explore the research and data points below to learn more about why red team assessments can be an important value-add for organizations at a time of rising cyber security risk:
- $9M+: The average cost of a data breach in the U.S. (1)
- $15M+: The average cost per insider threat incident. (1)
- 200+: The average days to identify a breach from an exploited vulnerability. (1)
As an organization's digital footprint expands, the opportunities for cyber criminals to gain access grow. At the same time, attackers' tactics are becoming both increasingly sophisticated and more accessible to non-technical players through black market offerings such as Ransomware-as-a-Service. These trends present a formidable challenge to cyber security teams, which must be prepared to respond to relentless attacks in real time.
How Aon Can Help
Red Team Assessments
Red Team Assessments include modified stealth versions of technical assessments such as Network Penetration Testing, Compromise Simulation and phishing/vishing simulations, among others. Additionally, Red Team Assessments extend beyond these technical assessments to help provide an all-encompassing evaluation of organizations’ people, processes and technologies. Each assessment has specific goals to compromise high-value IT assets, networks, physical facilities and processes. These goals are customized based on threat intelligence, perceived industry risks and organizational requirements.
Given the variability of TTPs used by different adversaries, Red Team Assessments can focus on custom scenarios backed by threat intelligence. While these scenarios are tailored for each client assessment, they can be commonly categorized into the following:
- Advanced External Attacker: This test simulates the potential impact of an unauthenticated attacker performing persistent attacks, including advanced network or application-level attacks, password spraying, phishing, vishing, wireless, physical and other identified potential attack avenues.
- Compromise Simulation/Insider Threat: This test simulates the potential impact of an authenticated malicious insider, advanced end-user, host compromised by malware or credential theft. Posing as a legitimate user with low-level domain privileges, Aon can simulate a targeted attack, attempting to breach security controls and gain access to restricted data and internal systems.
Once testing is complete, Aon prepares a detailed description of each scenario, describing how vulnerabilities were chained together to achieve defined goals. This helps to give the client unique insight into gaps in technical controls and incident response capabilities, helping them to better prepare for real attacks.
Purple Team
Purple Team testing involves the Aon Red Team and the client’s Blue Team collaborating on testing, detection/alerting and response capabilities. Aon Red Team operators execute a series of tests based on the MITRE ATT&CK Framework and work with the Blue Team to ensure alerts are triggered for each important attack in the framework and assist in creating new alerts for attacks that do not trigger an alert.
The Aon Team
Our red team assessments, which are part of our larger penetration testing services, are delivered by a global team of highly qualified professionals with decades of combined experience. The overall team holds more than two dozen certifications in penetration testing, red teaming, cloud security, blockchain security, security leadership and management, and other disciplines. The team publishes security blogs, contributes to open source software projects and is engaged in a variety of continuous security research projects. Speaking engagements have included Black Hat, SANS, RSA, OWASP AppSec, CircleCityCon, REcon, ShmooCon and others.
(1) Cybercrime Expected To Skyrocket in Coming Years
Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.