Enterprise Security
10.Mar.2023
From Penetration Testing to Red Team Assessment, the Diagnosis of Potential Information Security Threats is Expanded
In light of the endless reports of information security incidents domestically and internationally, which have been causing alarmingly increasing damage in the business sector, companies have begun to change their mindsets. They have realized that updating and reinforcing the defense mechanism is no longer enough, as they now must assume that vulnerabilities still exist in their system, awaiting to be breached by hackers. This is why specific testing methods need to be applied to further understand hackers’ perspectives and detect unknown information security blind spots. Therefore, companies worldwide have been demanding more professional services to be introduced, such as penetration testing and red team assessment.
In the current market, more companies tend to adopt penetration testing. Through annual penetration testing, they plan to identify potential security vulnerabilities in key systems and fix them accordingly. However, most penetration testing only focuses on a specific range and key goals, while other secondary systems not directly related to the core business are mostly ignored due to the limited budget. These secondary systems may not be as important as the core system, yet they are still possible targets for hackers. Such untested secondary systems often lay a risky groundwork for intrusions. More and more hacking reports in recent years have raised the awareness of international corporations that they must rely on red team assessment to fully examine the environmental security of the entire corporate network.
In short, the target of a red team assessment is not testing the security strength of a specific unit, but the overall external/internal information security capabilities of the entire company from a holistic perspective and identifying the weak spots in cyber protection. The red team will constantly attempt to exploit any security vulnerabilities they find as an entry point to breach the Intranet. During the process, multiple attack strategies or IP spoofing may be utilized to confirm whether the customer's information security maintenance team or defense equipment can detect such attacks. The action of the attacking team is not all to the red team assessment, as it is also a test for the "blue team" (defensive team) to confirm whether it can properly detect and address the signs of attacks with the existing defense equipment and contingency mechanism, and block the attacks in time to protect the corporate assets.
Given the importance of red team assessment for corporate information security, Onward Security has established an elite service team consisting of only top-notch experts. They are proficient in implementing challenging penetration testing for complex websites, IoT products, and mobile apps, as well as conducting red team assessments to effectively detect vulnerabilities in the corporate environment.
In short, the target of a red team assessment is not testing the security strength of a specific unit, but the overall external/internal information security capabilities of the entire company from a holistic perspective and identifying the weak spots in cyber protection. The red team will constantly attempt to exploit any security vulnerabilities they find as an entry point to breach the Intranet. During the process, multiple attack strategies or IP spoofing may be utilized to confirm whether the customer's information security maintenance team or defense equipment can detect such attacks. The action of the attacking team is not all to the red team assessment, as it is also a test for the "blue team" (defensive team) to confirm whether it can properly detect and address the signs of attacks with the existing defense equipment and contingency mechanism, and block the attacks in time to protect the corporate assets.
Given the importance of red team assessment for corporate information security, Onward Security has established an elite service team consisting of only top-notch experts. They are proficient in implementing challenging penetration testing for complex websites, IoT products, and mobile apps, as well as conducting red team assessments to effectively detect vulnerabilities in the corporate environment.
Flexible assessment scripts catering to all customer expectations
Frankly speaking, many vendors are offering red team assessment services in the market. However, when compared to competitors, Onward Security stands out with many unique advantages. Firstly, Onward Security has obtained the international CREST certification for penetration testing services, where such capability is also applicable to the red team assessment services, which ensures the testing team always demonstrates excellent project execution with top quality. For example, the protection of the customer’s data and the procedural integrity of the remote execution process shall always follow the established rigorous process, eliminating the chances of flaws or omissions.
Secondly, if an enterprise does not intend to include the entire company in the attack scenario of a red team assessment, Onward Security can also flexibly adjust the assessment script according to customer demands. For example, some customers want to simulate how attackers from the Internet can sneak into the intranet through external system vulnerabilities. Some customers demand that the scenario starts from the intranet, where the simulation set up a single employee's computer that has been implanted with a backdoor program as a starting point to perform horizontal diffusion and privilege escalation, while the attackers won’t give up until they steal the sensitive information. Unlike some other competitors whose assessments only have limited fixed modes, Onward Security can adapt to customer needs and make flexible adjustments, no matter where the launching point for an attack is required to be.
Furthermore, the scope of Onward Security’s red team assessment services covers not only the common IT or OT networks as normally expected, but also expands to the factories with the team’s proficiency in industrial control protocols and control system networks. The team will perform safety testing on the entire factory system, switching attack targets from ordinary databases and servers to the PLCs, sensors, or control components. As there are relatively insufficient information security maintenance staff or defense equipment for the OT environment, Onward Security will also fully assist customers in reinforcing the security of the OT network.
Secondly, if an enterprise does not intend to include the entire company in the attack scenario of a red team assessment, Onward Security can also flexibly adjust the assessment script according to customer demands. For example, some customers want to simulate how attackers from the Internet can sneak into the intranet through external system vulnerabilities. Some customers demand that the scenario starts from the intranet, where the simulation set up a single employee's computer that has been implanted with a backdoor program as a starting point to perform horizontal diffusion and privilege escalation, while the attackers won’t give up until they steal the sensitive information. Unlike some other competitors whose assessments only have limited fixed modes, Onward Security can adapt to customer needs and make flexible adjustments, no matter where the launching point for an attack is required to be.
Furthermore, the scope of Onward Security’s red team assessment services covers not only the common IT or OT networks as normally expected, but also expands to the factories with the team’s proficiency in industrial control protocols and control system networks. The team will perform safety testing on the entire factory system, switching attack targets from ordinary databases and servers to the PLCs, sensors, or control components. As there are relatively insufficient information security maintenance staff or defense equipment for the OT environment, Onward Security will also fully assist customers in reinforcing the security of the OT network.
Conducting attack assessment through meticulous planning and design
The attack process of Onward Security's red team assessment services can be simply broken down into the following: (1) Collect available data from the public network or dark web; (2) Discover the entry points; (3) Occupy the entry points; (4) Gradually proceed to the internal host; (5) Obtain host control authority; (6) Proceed to the target. The target of the assessment is usually set according to the consensus Onward Security and the customer have reached. The target can be set as the control authority of the domain server or the customer’s data, etc., depending on the customer’s expectations.
After the completion of each red team assessment project, Onward Security will provide a full report that is usually 70 to 80 pages long, detailing the testing tools and methods used in the attack assessment process, as well as specifying all relevant information such as changes in programs, system settings, and accounts during the entire assessment. Onward Security will present the whole attack path crystal clear for the customer's information security maintenance team to perform necessary deletions or system restoration.
In addition, Onward Security will continue to consult the customer about the reinforcement countermeasures for the weak spots found during the attack assessment, so they can determine whether they are to amend the policy or add new defense equipment. After the improvements, Onward Security will conduct a retest on the discovered security vulnerabilities to confirm whether they have been fixed. With the complete planning, design, and implementation of the whole process, Onward Security has recently provided red team assessment services to the local electronics manufacturing companies and financial holding groups, helping them to confirm whether their established information security detection, processing, and response mechanisms are abundant and ready for the challenges to come.
After the completion of each red team assessment project, Onward Security will provide a full report that is usually 70 to 80 pages long, detailing the testing tools and methods used in the attack assessment process, as well as specifying all relevant information such as changes in programs, system settings, and accounts during the entire assessment. Onward Security will present the whole attack path crystal clear for the customer's information security maintenance team to perform necessary deletions or system restoration.
In addition, Onward Security will continue to consult the customer about the reinforcement countermeasures for the weak spots found during the attack assessment, so they can determine whether they are to amend the policy or add new defense equipment. After the improvements, Onward Security will conduct a retest on the discovered security vulnerabilities to confirm whether they have been fixed. With the complete planning, design, and implementation of the whole process, Onward Security has recently provided red team assessment services to the local electronics manufacturing companies and financial holding groups, helping them to confirm whether their established information security detection, processing, and response mechanisms are abundant and ready for the challenges to come.
