Red team members (or red teamers) share similarities with pentesters, but have a more targeted job role.
While pentesters look to uncover many vulnerabilities across systems to keep cyber-defence in good standing, red teamers are engaged to test the company's detection and response capabilities.
Red teamers perform adversarial simulation: they mimic malicious behavior to test the blue team. This involves imitating cyber criminals' actions to:
- emulate malicious attacks
- uncover exploitable vulnerabilities
- retain access
- avoid detection.
Red team assessments typically run for up to a month and are carried out by a team external to the company. They are often best suited to organisations with mature security programs in place.
The ultimate goal is to:
- Assess organisations' security controls, threat intelligence, and incident response (IR) procedures
- Evaluate and report on insights, giving companies actionable data to help avoid real-world instances of such attacks