New service simulates tactics of real-world hackers; provides actionable intelligence on most likely attack scenarios to help large organizations reduce risk of breach.
JANUARY 21, 2015 /Carpinteria, Calif. – Redspin, Inc., a leading provider of penetration testing services and HIPAA risk assessments, today announced a Cyber Security “Red Team” assessment service. The new service is designed to uncover realistic paths that external adversaries may take to compromise computer systems and networks, steal confidential data, and gain access to facilities.
Recent high-profile breaches at Target, JP Morgan Chase, Community Health Systems, and Sony Pictures suggest that large organizations across many industries need a different approach to securing their networks and protecting sensitive data.
“Investing in security products can only reduce your risk so far,” said Daniel W. Berger, Redspin’s President and CEO. “During a Red Team Assessment, our clients ask us to take a ‘no holds barred’ approach to infiltrate their network. Then we report to them how we got in. And we always get in.”
Each Red Team engagement is uniquely tailored to the client’s organization and leverages a full team of Redspin security specialists working in tandem. Generally, it includes a combination of:
- Identification of information leaks by employing “zero packet reconnaissance” and open source intelligence vectors
- Analysis of the security of Internet-facing networks by probing open ports and services, and attempting to exploit any vulnerable or misconfigured machines
- Advanced social engineering tactics such as email/mobile device phishing campaigns and pretext phone calling, which often enable hackers to gain an organizational foothold and then pivot to internal networks and databases
- Physical security tests at sensitive locations using long-term surveillance and multiple attempts to gain unauthorized facility access
“Real-world attacks don’t follow the rules of a typical security assessment,” said David Shaw, Redspin’s Chief Technology Officer. “Redspin’s Red Team Assessment mimics the tactics employed by advanced adversaries so that our clients can better defend themselves.”
The results of each successful and unsuccessful attempt to gain access are compiled into a compelling narrative. Using a risk-based methodology, Redspin’s Cyber Security Red Team Assessment reports on critical flaws, highlights potential impact to the organization, and prioritizes recommendations for remediation.
Daniel W. Berger