The future of Red Team operations
Introduction
The Red Team assessment is an increasingly popular method for an organization to get a realistic feel for their overall security. Organizations’ attack surfaces are large and constantly growing, so the ability to identify the vulnerabilities most likely to be targeted by an attacker can be invaluable.
In the future, Red Teaming is likely to only grow in popularity, but other changes can be more difficult to predict. However, there are a few trends that are likely to shape the future of Red Team assessments.
Earn two pentesting certifications at once!
Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.
Driven by regulations
In recent years, the regulatory landscape has expanded dramatically. The threat of data breaches has driven governments to pass new regulations designed to protect the sensitive information of their constituents that has been entrusted to or collected by corporations.
The most famous of these new regulations is the EU’s General Data Protection Regulation (GDPR), which protects the data of EU citizens regardless of where the company collecting the data is located. However, this is not the only data protection in existence. Many countries and US states have passed their own data privacy laws, and existing laws like PCI-DSS, SOX and HIPAA are still in effect.
It seems likely that future Red Team assessments will be driven by the need to demonstrate compliance with applicable regulations and standards. Some regulations require regular testing, and all of them levy fines for failing to demonstrate the ability to adequately protect customer data. When the cost of non-compliance outweighs the price of comprehensive security testing, Red Team engagements, especially those with a compliance focus, will likely become an even more popular way of testing an organization’s security posture.
ML-enhanced engagements
The goal of a Red Team assessment is to accurately simulate how an organization would be attacked in order to identify vulnerabilities that are likely to be detected and exploited. This typically involves the Red Team following a procedure that mixes structure (to ensure that the assessment is comprehensive) with flexibility (to adapt to the customer’s unique environment).
However, many of the activities performed by the Red Team are repetitive and are based upon responding to information collected by the previous test or action. These types of activities are ideally suited to automation, where a testing tool knows the logical “next” step based upon the previous response.
As machine learning and artificial intelligence mature, this likely will mean that they will be used extensively in Red Team operations. An ML- or AI-based testing system can provide scale to the Red Team and focus human analysts on the attack vectors most likely to bear fruit.
On the defender’s side, AI and ML-based systems can learn the features that indicate a possible attack. This machine-versus-machine system can dramatically increase the speed, scope and effectiveness of a Red Team assessment and allow the customer to rapidly improve their security through short cycles of attack, response and retrospectives.
Intelligence-driven assessments
Currently, the best Red Teams tailor the tools and tactics used in their assessment to the customer. The size of the customer’s attack surface and the sheer number of possible attackers and attack vectors mean that it is impossible for a Red Team to try to identify every possible vulnerability in an organization’s security landscape. However, by focusing on the vulnerabilities most likely to be exploited, the Red Team can make a measurable difference in the customer’s ability to resist an attack during an assessment.
In the future, Red Team assessments are likely to be much more focused on the potential attacks that an organization can expect to experience. A massive amount of data is available about known vulnerabilities, common attacks, hacking groups (and their tools, techniques and targets) and other features of the cybersecurity threat landscape. By aggregating and analyzing this data, organizations can identify the type of attack that they are most likely to experience and the probable target of that attack.
Using this information, the Red Team can design assessments to provide maximum impact to the customer’s security. While some breadth of coverage is always a good idea in case this analysis is important, a focus on the most likely attack vectors ensures that the vulnerabilities with the highest probability of exploitation are identified and remediated.
Human-focused assessments
Including social engineering attacks in a Red Team assessment can be a hard sell with some customers. If not managed properly, a social engineering assessment can backfire on the organization if employees feel that management is trying to trick them into being caught acting in an insecure manner. As a result, social engineering attacks are often out of scope of Red Team engagements.
However, the reality of the current cybersecurity threat landscape is that the human is the target of most cyberattacks. Over 99% of cyberattacks need some form of human interaction to succeed. As customers accept the importance of testing their staff for human vulnerabilities, Red Team assessments will become more human-focused.
Conclusion: Preparing for the future
Red Team assessments are designed to help an organization to understand and remediate the vulnerabilities in their attack surface in a realistic way. By acting like a real-world attacker, the Red Team identifies the vulnerabilities that an attacker is most likely to discover and exploit. The customer can then leverage the Red Team’s knowledge and experience to mitigate these vulnerabilities in a way that maximizes their resiliency to future attacks.
All aspects of a Red Team engagement are driven by the needs of the customer. As data protection regulations and standards become a more significant consideration for organizations, Red Team assessments will become even more focused on demonstrating the necessary level of compliance. As organizations’ attack surfaces grow and technology evolves, the face of the Red Team assessment will change with them.
While the details of the future of Red Teaming may be uncertain, they will almost certainly stick around and even grow in popularity as organizations try to prepare for and combat the cyberthreat.
What should you learn next?
Sources
- Cyber security and the growing role of red teaming, ITProPortal
- The future of red teaming: Computer robots face off in adversarial rounds, CSO
- Red Team Supply Chain Attacks in Modern Software Development Environments, Praetorian
- More than 99 Percent of Cyberattacks Need Humans to Click, Security Magazine
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- The future of Red Team operations
- Intelligence-led pentesting and the evolution of Red Team operations
- Red Teaming: Taking advantage of Certify to attack AD networks
- How ethical hacking and pentesting is changing in 2022
- Ransomware penetration testing: Verifying your ransomware readiness
- Red Teaming: Main tools for wireless penetration tests
- Fundamentals of IoT firmware reverse engineering
- Red Teaming: Top tools and gadgets for physical assessments
- Red teaming: Initial access and foothold
- Top tools for red teaming
- What is penetration testing, anyway?
- Red Teaming: Persistence Techniques
- Red Teaming: Credential dumping techniques
- Top 6 bug bounty programs for cybersecurity professionals
- Tunneling and port forwarding tools used during red teaming assessments
- SigintOS: Signal Intelligence via a single graphical interface
- Top tools for mobile android assessments
- Top tools for mobile iOS assessments
- Red Team: C2 frameworks for pentesting
- Inside 1,602 pentests: Common vulnerabilities, findings and fixes
- Red teaming tutorial: Active directory pentesting approach and tools
- Red Team tutorial: A walkthrough on memory injection techniques
- Python for active defense: Monitoring
- Python for active defense: Network
- Python for active defense: Decoys
- How to write a port scanner in Python in 5 minutes: Example and walkthrough
- Using Python for MITRE ATT&CK and data encrypted for impact
- Explore Python for MITRE ATT&CK exfiltration and non-application layer protocol
- Explore Python for MITRE ATT&CK command-and-control
- Explore Python for MITRE ATT&CK email collection and clipboard data
- Explore Python for MITRE ATT&CK lateral movement and remote services
- Explore Python for MITRE ATT&CK account and directory discovery
- Explore Python for MITRE ATT&CK credential access and network sniffing
- Top 10 security tools for bug bounty hunters
- Kali Linux: Top 5 tools for password attacks
- Kali Linux: Top 5 tools for post exploitation
- Kali Linux: Top 5 tools for database security assessments
- Kali Linux: Top 5 tools for information gathering
- Kali Linux: Top 5 tools for sniffing and spoofing
- Kali Linux: Top 8 tools for wireless attacks
- Kali Linux: Top 5 tools for penetration testing reporting
- Kali Linux overview: 14 uses for digital forensics and pentesting
- Top 19 Kali Linux tools for vulnerability assessments
- Explore Python for MITRE ATT&CK persistence
- Explore Python for MITRE ATT&CK defense evasion
- Explore Python for MITRE ATT&CK privilege escalation
- Explore Python for MITRE ATT&CK initial access
- Top 18 tools for vulnerability exploitation in Kali Linux
- Explore Python for MITRE PRE-ATT&CK, network scanning and Scapy
- Kali Linux: Top 5 tools for social engineering
- Basic snort rules syntax and usage [updated 2021]
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Penetration testing
Intelligence-led pentesting and the evolution of Red Team operations
Penetration testing
Red Teaming: Taking advantage of Certify to attack AD networks
Penetration testing
Penetration testing
Ransomware penetration testing: Verifying your ransomware readiness