Updated: Oct 22, 2021
A red team assessment is a simulated attack against an organisation using real-world information and threat intelligence analysis. The aim of a red team engagement is to compromise an organisation through technological, social, or physical means to determine where potential areas of risk may be present.
How does a red team engagement differ from penetration testing?
Penetration testing usually focuses upon a smaller scope, such as a web application or an infrastructure environment. Red teaming uses the full breadth of an organisation's assets as potential targets, although there can be limitations as defined within the rules of engagement.
For example, where a cross-site scripting vulnerability is present within a web application, a penetration test may prove that it is exploitable as a proof of concept. A red team engagement takes this a step further and would use the vulnerability to compromise staff members for lateral or vertical movement.
How can my organisation benefit from a red team engagement?
Organisations can use the results of a red team engagement to build a more complete picture of their security posture. Because elements of the business are not isolated into separate penetration tests, the engagement shows how an attack chain against the organisation could be established.
An advantage of red team engagements is that the red team attempts to remain as covert as possible in order to avoid detection during the enumeration and attack phases. The process can therefore be used as a training exercise for blue teams, such as a security operations centre or an internal security team, exercising their monitoring and incident response procedures.