[Red teams] have similar sophistication to what their customer faces day-to-day, but the actions of the red team are solely theirs. The red team has their own tradecraft, their own process, and their own way of doing things. They’re not really emulating anyone else [although, like all good offensive actors, they’re happy to blatantly borrow what works from others].”
Despite the best efforts and benefits that a full-scope penetration test from a red team delivers, there are still other approaches.
Adversary simulation takes the concept of red teaming in a slightly different direction. Instead of approaching the targets as a “red team,” the team emulates an actual known threat actor. This approach provides a level of insight that cannot be gained from any other type of testing. During the scoping and planning discussions for an adversary simulation, the red team and their target organization will discuss some of the most active and damaging threat actors that are currently out there and choose which real-world threats they would like to have their defenses tested against. This approach will allow the internal security team to truly assess their ability to detect and defend themselves from real-world attacks.
Just like any test, an adversary simulation is not a panacea and will not find every vulnerability that could be found. Adversary simulations are a key piece of a successful, mature security program and will provide insights into an organization’s defensive controls that cannot be provided any other way.
If you are interested in learning more about any of the topics I discussed in this blog post, or any others, don’t hesitate to reach out to me. The Cobalt Strike Blog, referenced above, is an excellent place to learn many of the in-depth details of how adversary simulations and advanced red teaming activities work and which adversaries can be simulated.
Contact us if you are interested in learning more about all of the different types of penetration testing and CynergisTek’s ability to test your organization.