Red Team Test
Red Team Test ⫘
Note
Red Team Test is End of Sale (EOS), effective Sep 6, 2022. See Adversary Exercises for current offering.
Service Overview ⫘
A Red Team Test imitates real-world attacks against your organization, challenging your defenses against electronic, physical, and social exploits. These tests are designed to identify deficiencies in security controls and security practices that are not readily apparent when conducting standard technical tests. A Red Team Test focuses on identifying potential damage that a determined, directed attacker can accomplish, and is a tool to train defenders to identify indicators of active attacks.
Service Methodology ⫘
The Red Team Test is conducted in five phases as summarized below:
- Reconnaissance and Open Source Intelligence (OSINT): Network probing is performed to collect information from public and compromised data sources, and from physical observation of target locations if applicable. In a process known as OSINT gathering, Secureworks uses commercial, open source, and proprietary tools to search public information sources for information about you.
- Planning and Preparation: Collected data is analyzed and potential vulnerabilities are mapped during planning and preparation. Interactions with network-based services become more aggressive, though the goal is eliciting additional information, not exploiting vulnerabilities. Vulnerabilities are evaluated for likelihood of success, risk of detection, and efficacy in furthering testing objectives.
- Perimeter Breach: Bypassing the security perimeter is the first step to compromising your environment. Then, network, physical, or social vulnerabilities must be exploited according to the plans established in the above-listed phases. Successful exploitation yields privileged information, provides control of a target system, or grants access to a network-restricted area or a physical-restricted area. Exploits are combined and cross-delivered, such as when a social engineering attack leads to the compromise of a workstation behind the perimeter firewall, providing a path for the remote tester's access to the internal network for further attacks.
- Internal Penetration Testing: Secureworks will traverse your environment and attempt to compromise one or more systems. After access to a system has been obtained, the system is reviewed for critical information toward the testing goals and may be compromised if doing so leads to the goals. This process is repeated until the testing goals are achieved.
- Analysis and Reporting: Secureworks performs a thorough review and analysis of data and logs that were collected during the test.
Outcome ⫘
You will be provided with a report containing a complete narrative about the testing with supporting documentation such as screenshots, code snippets, and other forms of evidence.
Scope and Service Units ⫘
| Description | Service Units |
|---|---|
| Red Team Test - Internal Assumed Breach | Minimum of 30 Additional service units could be required depending on maturity of your security program (e.g., dedicated security team, internal incident response team, endpoint detection and response solutions, internal SOC and/or MSSP, and previous participation in Red Team testing) |
| Red Team Test - External Breach; includes testing your organization's wireless perimeter | Minimum of 30 Additional service units could be required depending on maturity of your security program (e.g., dedicated security team, internal incident response team, endpoint detection and response solutions, internal SOC and/or MSSP, and previous participation in Red Team testing) |
| Add-on: Red Team Test Per Location (for each additional on-site/physical location) |
16 |
Scheduling and Booking Information ⫘
See Service Scheduling for information about scheduling this service.