Red Team: A group of cybersecurity experts that detects vulnerabilities in your systems and networks while mimicking the attacks of an intruder.
Similar to military simulations and war games, red team engagements are exercises in which our team of ethical hackers (red team) attacks your layered security controls while your security team (blue team) defends them.
Not only does a red team engagement put your system to the test, this simulated cyberattack prepares your team against a real attack, without putting you at risk.
Tek Security’s dedicated team of ethical hackers and engineers works to exploit vulnerabilities and gain access to your internal environment. We do this through a series of tactics, techniques and procedures that we have developed over the last thirty years.
Once they have access to the inner workings of your system, the team works to gain administrative privileges and compromise internal accounts. Many clients also identify specific targets for the engagement, such as email exfiltration and sensitive data. Our team pursues these by any means not potentially harmful to the environment or explicitly stated as off-limits.
Each red team engagement begins with a kick-off call where your team meets our team. We’ll cover the rules of engagement: what areas of your system are included, the types of attacks that won’t be deployed (such as DDoS attacks), and the operating hours during which we are allowed to perform the engagement.
The kick-off call is also when we share plans for clear and open communication to ensure there are no or minimal disruptions to your network. That may also include choosing to avoid attacks that may cause disruption, such as DDoS (Distributed Denial of Service) attacks.
Our team will be available 24/7 on a channel dedicated to your team, with frequent updates and communication as needed. This important line of communication is frequently used by client security teams to confirm that detected actions are not the work of a real threat actor, so they can react accordingly.
Although you won’t be made aware when we breach your security and gain access to the target data (as in a real attack), we notify you immediately if we find any critical vulnerabilities, and again when the test is wrapping up and. We also note any changes we’ve made to the environment (such as account creation or modification) and inform your primary point-of-contact at the end of the testing phase, so they can be promptly removed.
Before the engagement begins, we’ll discuss the valuable data you consider to be the company’s “critical assets”. Typically, this includes emails, HR payroll data, and compromising, sensitive and/or proprietary data. If no specific targets are specified, the team will compromise internal accounts with the ultimate goal of gaining administrative access to the environment.
Clients are also asked not to inform their employees of the scheduled engagement, so that we do not raise any suspicion and employees behave as they normally would.