Halborn Logo

// Blog


What Is Red Teaming, How Does It Work and Why Is It Important?


Rob Behnke

January 3rd, 2022

When it comes to InfoSec and the various ways to protect your organization from outside threats, things like email encryption, antivirus, proper password management, network firewalls and user-focused cybersecurity policies are only part of a well thought out cybersecurity plan. That’s because if you want to know how your organization’s security is really performing, you’ll need a proactive way to evaluate how bad actors could potentially breach your security. That’s why organizations do something called Red Teaming.


Cybersecurity professionals that do red team work ultimately look to make an organization more secure by attacking the organization from the outside and looking for holes in its security. Essentially, red teams act as the “bad guy” and this gives an organization real world feedback and data on how cyber criminals can compromise their systems and important data. In short, you have to be on the outside of the organization to truly discover what a bad actor could do, and having this information is vital to building cybersecurity systems. That said, let’s have a closer look at the work red teams actually do.

How Red Teaming Works


Red Teams can either be put together internally, or can be hired externally (through a cybersecurity agency like Halborn) to go on the offensive and test an organization’s cybersecurity. 


Generally speaking, Red Teaming works in three parts:

1) the preliminary phase, where insights into your organization’s threat landscape are collected,

2) the preparation phase, where the critical functions of the business are outlined,

and 3) the testing phase.


Additionally, here are the areas of focus when Red Teaming:

  • Network Penetration Testing

Network pen testing looks for system level and network level vulnerabilities, wireless network vulnerabilities, and any other configurations.

  • Application Penetration Testing

App pen testing includes identifying things like injection flows, cross-site request forgery, weak session management and more.

  • Physical Penetration Testing

Physical pen testing involves gaining an understanding of the effectiveness of security controls. 

  • Social Engineering

With social engineering, humans are tested for how susceptible they are to persuasion through phishing emails and websites, text messages and phone calls and even physical onsite manipulation.


Another important thing to note is that Red Teaming and penetration testing are not exactly the same thing. Although pen testing is critical, it is only part of what a Red Team does. For more info on penetration testing, check out our recent blog What Is a Penetration Test?


The Importance of Red Teaming


The term “Red Team” originates from the army, where the Red Team was created to carry out adversarial attacks to simulate what a real attack could look like. This would give the army realistic data and strategies to respond to any forthcoming real attacks and be better prepared to handle them. 


Unfortunately, organizations often function under the assumption that so long as they have strong network security, that their information is also by default secure. But this is typically not the case because cybercriminals have become much more sophisticated in recent years, using a combination of attack vectors including:


#1: Human – Often overlooked, humans typically represent the weakest link in an organization’s security. People in your organization have both physical and digital (often remote) access to your most important assets and data, which means if any person is targeted in your operation, a bad actor could have access to any system, piece of information or asset within your company.


#2: Cyber – This is what most people think of first when being hacked comes to mind. It would include a breach of your network, devices, accounts and other systems that could be accessed online. Ransomware is an example of a cyber attack.


#3: Physical – Cyber and humans aren’t the only areas attackers target. They also target physical IT hardware, buildings, safes, desks, and other physical places you might store data and sensitive information. For example, many crypto exchanges who keep assets in cold storage implement 24/7 security with armed guards in the event that someone would try to access a building that houses that cold storage.


The world is changing and it is becoming increasingly more complex to protect your organization’s information and assets from bad actors. So Red Teaming aims to create realistic cyber attacks on your organization in order to improve overall security, and help your company be ready for a real cyber attack when it does happen. 


And because cybercriminals are consistently using more sophisticated attacks, you’ll want clear ways to identify what potential holes in your security are before these attacks happen. So if you want to ensure that you have a proper Red Team strategy in place and that your organization can identify and address any critical security vulnerabilities, please reach out to our cybersecurity experts at halborn@protonmail.com