Lateral Red Teaming – Real World Control Verification and Validation
A Lateral Red Team engagement enables an organisation to obtain an accurate assessment of the real-world vulnerabilities of their production systems, networks and organisation as a whole.
Security testing and vulnerability assessments are often scope-limited and directed at specific components. A Lateral Red Team engagement provides an organisation with the opportunity to take a holistic approach to verifying the controls which protect it, its ICT systems and the data within.
Lateral Red Team engagements are requested by customers for a variety of purposes including:
- Exercising organisational ability to detect, react and take mitigative measures in response to actions from a simulated adversary
- Verification of system or organisation wide controls following changes in system or organisational security states
- Testing existing controls to justify and prioritise additional investment
- Identifying defective controls
- Assurance that controls are functioning as implemented
A Lateral Red Team engagement is carefully scoped by working with the customer to determine exactly what outcomes the customer requires, as all engagements are tailored based on requirements. Using well-defined methodologies and agreed “rules of engagement”, the adversary threat or threats that the team is emulating are decided up front and can range from a Tier 1 nation state to an opportunist criminal. This ensures that engagement objectives are being met, without altering the customer's already accepted residual risk levels.
Engagements can be based on testing specific controls using a repeatable, demonstrable and evidence-based methodology, or on a goal/objective-based approach, where a customer levies a general requirement for our team to achieve (e.g. demonstrate whether it is possible to obtain physical access to a network component).
- Customers receive a detailed written report covering the vulnerabilities that our team uncovered
- If desired, this can be backed up with a verbal briefing tailored to the audience
- Depending on the approach selected, information on the methodologies utilised, to allow customers to repeat the verification tests themselves
- An understanding of where your organisation stands from a security standpoint and where enhancement and refinement of controls is required to achieve your desired risk level
Department of Internal Affairs (All of Government Certified Services & Common Capability ICT): ICT-SRS Panel (CCPSA-SRS)
- Information Security Risk Management and Assessment
- Information Security Governance and Strategy
- Information Security Assurance
- Source Code and Application Review and Technical Testing
- ICT Forensics, Investigation and Security Incident Response
Get in touch for more information about how we can help.