Our services
Red Team Assessments
There are several aspects that differentiate a red team assessment from a traditional penetration test. The biggest difference is that the focus is not placed on one application or system but on all assets of a company alike. It does not matter whether that is an IT system, an employee, a site or a business within the holding structure.
Instead, priority is given to the simulation of real attacking techniques and tactics. For this purpose, specific targets are usually defined that should be reached by the red team, for instance gaining access to a certain system or a database containing sensitive information.
The assessment then goes through all the relevant phases of the so-called cyber kill chain to achieve the targets: from information gathering to planning, preparing and, finally, carrying out the attacks. How these goals are achieved is not necessarily relevant; therefore, several vectors can be covered. Typically, this includes attacks against externally accessible services and cloud environments, phishing attacks, physical attacks on site and actively using social engineering.
In contrast to penetration tests, a red team assessment does not aim to identify as many vulnerabilities as possible in a specific test object. Instead, integral deficits concerning prevention as well as detection capabilities and responsiveness should be pointed out. This is why the red team primarily chooses “silent” attacking techniques and forms, which is different from traditional security assessments; red team assessments therefore also tend to take place over a longer period of time.
Due to the aforementioned conditions, this form of assessment is aimed at companies that have already implemented mature measures to prevent, detect and respond to a security incident.
Possible Variations
cirosec offers to perform customized red team assessments. Possible forms of assessment are listed in the following for orientation purposes:
Traditional Red Team Assessment
Includes all phases incl. comprehensive information gathering.
Compact Red Team Assessment
Without comprehensive initial information gathering in order to reduce the effort. Instead, relevant information is obtained in a joint workshop.
Red Team Assessment According to TIBER-DE or TIBER-EU
In this form of red team assessment, we base the implementation entirely on the TIBER-DE or TIBER-EU framework. Further information can be found at:
TLPT: Threat-Oriented Penetration Tests in Accordance with DORA
A TLPT within the context of DORA is based on TIBER and intensifies the cooperation between BaFin and Deutsche Bundesbank. According to BaFin, this affects only smaller details in the operational execution of a TLPT compared to the established TIBER-DE framework.
Competent IT security consulting, pentests, incident response and training
cirosec GmbH
Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany