CovertSwarm 'Cyber Research'
The security practice of ‘Red Teaming’ is one that sees an expert group of ethical hackers taking on the challenge to attempt to breach the security of their client’s own commercial estate using ‘real world’, offensive cyber techniques.
The proverb that ‘attack is the best form of defence’ sits squarely at the heart of the concept behind any Red Team engagement: by deliberately inducing cyber pressure against its defences, a business can ensure that those defences are effective at both detecting and deflecting any attempts to breach it.
The ever-increasing costs of procuring and implementing purely defensive security technologies, teams, processes and procedures within any organisation are considerable, and proving that cyber risk mitigation (or at least significant risk reduction) is occurring and that a true ROI is being realised from these investments is key.
Before exploring the methods by which a traditional Red Team typically engages with its target, it is important to consider the complementary ‘other side’ of this cyber offensive equation – that of the Blue Team:
A Blue Team exists to defend against a Red Team’s attacks. Security Operations Centres (SOC), Network Operations Centres (NOC) and outsourced Managed Security Service Providers (MSSP) all operate wholly, or to some extent, in the role of a defensive Blue Team. Delivered either as an internal team or as an outsourced service, their logging, analysis and monitoring of an organisation’s network traffic exists to ensure that as few holes as possible remain in its defences, and that any attempts by an offensive Red Team to probe for, and ultimately exploit, discovered vulnerabilities are rapidly detected, raise a security alarm and trigger risk-mitigating action.
Now, whilst it is often a highly educational and fun engagement for a business’s technology and security team to gamify their security in this manner (usually for a couple of days per financial year), it should not be forgotten that the drive behind this Red:Blue Team dynamic is to recreate as realistic a simulation as possible of how real-world bad actors may choose to attack the business for nefarious gain.
It is here that the cyber risk gap between the intended outcome of typical Red Team consultancies and the reality of the genuine benefit felt by their clients begins to become apparent:
Typical Red Team consultancy exercises last only a few hours to a limited number of days – often due to the extremely high costs of employing such cyber talent, as well as the genuine limit on how much can be discovered during a time-boxed client engagement.
Value is rapidly felt but short-lived, and invariably quickly becomes out of date as the organisation’s technology landscape continually evolves.
In the real world, discovering a business’s unique and exploitable cyber vulnerabilities can be a lengthy process that requires deep client-specific knowledge, a tailored approach and years of broad offensive cyber experience. There is much evidence from historic and well-publicised commercial cyber breaches that genuine ‘Advanced Persistent Threats’ (APTs) can take many weeks, or even months, to successfully research, probe and penetrate their target’s defences before wreaking havoc. Even the mere detection (let alone the impact) of these bad actors’ presence within a penetrated business can take its internal SOC or Blue Team many months – by which time it is too late.
Testing your security defences sporadically and only for very limited amounts of time results in a gaping cyber risk gap for your organisation.
It is with a view to closing the fissure between a business’s desire for continually enhancing security and the limitations of traditional Red Teaming that CovertSwarm has entered the cyber market with a new and unique security offering:
Every CovertSwarm client forms a close alliance with a dedicated member of our hive of ethical hackers. Acting as a trusted – but ‘rogue’ – member of their client’s technology and security team, our ethical hacker relays key cyber data and insights into our larger hive of ethical hackers, who become increasingly exposed to the makeup of the client’s deepest intellectual property, including technology architecture blueprints, network diagrams, source code, CTO roadmaps and even the business strategy of their new ‘target’. However, rather than perform only short-lived and rudimentary cyber research, CovertSwarm’s hive of ethical hackers goes much deeper – just as any genuine commercial cyber adversary would do.
Operating within a carefully curated and client-agreed set of criteria, CovertSwarm’s 24/7 cyber research and modernised Red Team service continuously researches the unique technology stacks, processes and even members of staff within our clients’ organisations. From the delivery of phishing campaigns, to utilising the latest cyber exploit techniques and methodologies, to socially engineering your key personnel, our hive of ethical hackers is relentless in probing our clients’ security to detect the hidden holes in their defences.
But we don’t stop there.
Unlike traditional Red Teams, our CovertSwarm of ethical hackers operates in two modes: attack AND educate. Through the cyber pressure we induce upon our client’s business infrastructure we not only detect where cyber blind spots exist, but we go on to educate their internal Blue, technology, security and HR teams as to where we were able to exploit these vulnerabilities and what remedial action should be taken to block our future attempts.
As we get smarter and more dangerous, we make our clients’ cyber estates more resilient and impermeable.
Through our constant cyber research, client-dedicated ethical hackers and pooling of CovertSwarm’s hive of knowledge, we deliver a fresh, long-lived and value-adding Cyber as a Service offering to the world’s most progressive brands.