What is Red Teaming?
Red Teaming is the process of using Tactics, Techniques, and Procedures (TTPs) to emulate a real-world threat with the goals of training and measuring the effectiveness of the people, processes, and technology used to defend an environment.
What does this mean? Red teaming is a goal-oriented process driven by threat tactics. The focus is on training or measuring a blue team's ability to defend against this threat.
Red teaming is not a hunt for vulnerabilities, flaws, bugs, etc. The focus is on understanding security operations as a whole (people, processes, and technology). A red team engagement may identify vulnerabilities, but more importantly, it provides an understanding of the blue team's capability to impact a threat's ability to operate.
Why Red Team?
Measure the effectiveness of the people, processes, and technology used to defend a network. How do you know if blue TTPs are effective?
Train and/or measure a Blue Team's ability to impact a threat. Blue teams need practice. Better to practice on a helpful threat than a real one.
Test and understand specific threats or threat scenarios. Red team engagements can be designed to exercise custom scenarios. Scenarios can include zero-days, ransomware attacks, or other unique attacks.
Threat Gets a Vote
How often do security defenders ask the bad guy how or what they will do? Many organizations develop security defenses without fully understanding what is important to a threat. Red teaming gives defenders an understanding of how a threat operates in a safe, controlled process.
"Better to learn and practice with a Red Team than a real bad guy..." - anonymous blue teamer