Penetration Testing: A Road Map for Improving Outcomes
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
Red teaming (or offensive) cybersecurity exercises take traditional penetration (pen) testing a step further by simulating real-world attacks that replicate real-world adversaries' techniques, tactics, and procedures (TTPs). For one thing, a red-team engagement takes a zero-knowledge approach: The wider organization isn't notified about the testing ahead of time and the red team isn't supplied with any prerequisite information about the organization.
By acting as an adversary trying to bypass an organization's security controls while avoiding detection, the red team identifies ways an organization can be compromised through real-world TTPs. It also assesses how well the organization can identify, manage, and resolve attacks or incidents consistent with best practices and incident response plans and procedures.