Red Teaming FAQ
Following items are typically covered. Although which ones will actually be covered depends on multiple factors such as industry sector, risks to business, budget, location of business etc.
- Network port scanning
- Network infrastructure surveying
- IT system identification
- Operating system "fingerprinting"
- Security vulnerability research
- Internet application testing
- The ability to perform legal assessments of the IT/network infrastructure of the business or corporation
- Physical and digital-based dumpster diving
- The ability to conduct competitive intelligence
- Looking for weaknesses on remote connections
- Countermeasure deployment and implementation
- Firewall and access-control list testing
- Intrusion detection system testing
- Social engineering
- Trusted systems testing
- Password hacking and cracking
- Distributed Denial-of-Service investigation and testing
Red Team does not go after the complex security loop holes, but in fact the low-hanging fruits, which is very often ignored by the IT security staff. Also in real life, the real hackers do the same, and red teaming uses the same mentality to simulate a potential real life scenario. From there, the Red Team work their way into the most prized possessions of the business entity. But before launching any cyberattack, it is very important to note that the Red Team must first get explicit consent from the client. If the Red Team conducts any exercise(s) outside of this scope, they could be held legally responsible for the ramifications of any threat vector that they launch.
Finally, the terms of Red Teaming and penetration testing are used synonymously together, and as a result, the thinking is that the two are the same activity. In reality, they are not. Penetration testing is actually viewed as a subset of Red Teaming. The primary difference is that it is the Red Team that creates and designs the cyberattacks, while penetration testing executes them.
Short answer is Yes. We can provide references once the first level talks on requirement gathering are completed.
Absolutely yes. Our technical team is knowledgable, experienced and certified (CEH, CHFI, ISO27001, CISA).
The tasks are as follows...
- Give clear objectives, defining the scope, timeframe and delivery mechanism for the task
- Provide all the required information to complete the task successfully
- Develop a good working relationship, including regular contact with the red team leader;
- Be accessible to the team leader throughout the task;
- Engage with, and listens to, the red team;
- Give due weight to the red team?s findings and use them where appropriate
- Protect the red team from unwarranted criticism and negative reaction
- Ensure that the red team findings are heard, and acted on, by senior decision makers
- give constructive feedback on how the red team has performed in terms of its analysis and delivery of the outcomes.
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.
Valency Networks is our only preferred vendor because the way they find vulnerabilities in our network is par excellence. We hired them on a long term contract to top up our perimeter and wish to continue with them.
Hardly goes a day when I have not learnt anything new in cyber security space and IT technologies.
Working at Valency Networks helps me gain great knowledge everyday.