Red Teaming is the process of testing your organisations security via any avenue possible. This emulates the approach used by real life attackers and is more advanced than a pre-planned penetration test.
We can conduct Red Teaming attack simulations on all areas of your organisation simultaneously, however a detailed scope will always be agreed in advanced to agree which areas are to be included and which areas or targets are strictly out of scope.
Red Teaming typically combines multiple attack methods such as phishing, social engineering and penetration testing where anything really goes. The main goal is to get access anyway possible.
Red Teaming allows highly skilled testers to replicate a real life malicious attack to demonstrate the level of damage that could be caused, but under safe and controlled conditions. It can provide your organisation a complete picture of the overall physical security, staff awareness and computer security without putting your organisation at risk. If vulnerabilities are found these can be rectified before an attack occurs.
Armadillo Sec are a CREST approved member company and our security consultants are fully certified by CREST to the highest level in application and infrastructure testing. This allows our consultants to give complete assurance when testing any elements of your environment. We have many years of experience leading large complex government and commercial cyber security tests. Our lead consultants will work with your from start to finish on the project to ensure all requirements are met.
Frequently Asked Questions
Penetration testing usually aims to identify a large breadth of weaknesses that may be exploited, Red Teaming emulates the approach used by a real-life attacker which is often to find a weakness or set of weaknesses and exploit these fully, in depth, to demonstrate the level of damage that could be done.
Penetration tests often have a specific pre-defined scope and often access is provided, however Red Teaming tests are often much broader in scope and are performed from a black box (no knowledge) perspective.
Our testers are fully certified by CREST to the highest CCT level in both application and infrastructure testing.
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
It is recommended that Red Teaming assessments should be conducted annually to retest security procedures, staff awareness and staff changes.
Red Teaming assessments are bespoke depending on the goal or outcome you wish to achieve, therefore there is not an off-the-shelf price.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full testing report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed findings - A complete list of all issues identified
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.