20 June 2022

Ensure rock-solid security with Red Teaming and Scenario Based Pentesting

Organisations have worked hard in recent years to improve the basic security of their environments. Unfortunately, criminals aren’t sitting still either and are ahead of this defence. To minimise this distance, more is needed than basic measures: better insight into the attackers as well as continuous validation of the state of your security lead to this deeper understanding.

Fortunately, the increase in the number of security risks in recent years has driven a sharp increase in the security awareness of many organisations. And because more and more organisations are implementing the basic measures, there is often a solid security foundation. Turn on multi-factor authentication. Ensure network segmentation. Apply the principle of least privilege for access. Make regular backups. And patch systems in a timely manner. This foundation remains important. But as (ransomware) attacks also become more sophisticated, in our experience these measures prove insufficient in fending off everything. In order to become even more digitally resilient, a deeper understanding is needed.

"Organisations sometimes already feel safe with basic measures, but our own tests regularly show that this is far from true."
Understanding the attacker

To take your security to the next level, you need a good picture of the attacker. An attack can take place via many different routes and criminals have an arsenal of tools and tricks. However, every group has its own modus operandi. By modelling attacks (‘attack modelling’), you can better anticipate the actual course (the ‘kill chain’) and then adjust your defence accordingly.

A useful tool to model attacks is the MITRE Attack Framework. This makes it relatively easy to model a kill chain and to better understand it with the help of the underlying documentation. The MITRE Defend Framework also offers help in this regard. These tools help you better predict the path of the attack and adapt specific measures accordingly.

Validation of your security

If you think that once you’ve used attack modelling, there’s nothing else to be done, then you’re wrong. Organisations sometimes already feel safe with basic measures, but our own tests regularly show that this is far from true. This sense of security is created, for example, by monitoring services that should detect techniques from the MITRE framework, but in practice only pick up a fraction due to errors in the implementation. Every organisation has blind spots in the environment: situations where systems work a little differently than expected, where monitoring is set up just a little differently than it should be, or where the playbooks skip just that one crucial step that is needed to successfully detect and mitigate the impact of an attack.

But the necessary validation of security measures is often skipped, let alone repeated regularly. Phishing tests to test security awareness and the standard annual pen test do not offer peace of mind in a security landscape that changes every day.

"Test results quickly become outdated, so regular testing is essential to maintain confidence in your own defence."
Red Teaming and scenario-based pentesting

Red Teaming provides much better insight into the state of the defence. An external party attacks your organisation via digital and physical routes, while your own teams try to ward them off. But where teams know during a pentest that it will take place and can prepare for it, with Red Teaming they are taken by surprise. Because of this, they will treat the test as a real attack. This allows you to much better evaluate whether implemented security measures are working as intended and whether employees are responding as they should.

A Red Teaming attack is an extensive and complex process, with multiple objectives and methods of attack. As a result, it is not always possible in terms of time or budget. Precisely for this reason, Scenario Based Pentesting has been developed, a somewhat more practical test. A security partner then emulates a specific type of attack to assess how an organisation responds to, for example, ransomware or an internal attacker. This provides concrete insights into how organisations deal with specific threats, which you can then integrate into response strategies and plans to more efficiently resolve security incidents.

The power of repetition

Red Teaming is gaining popularity. In 2025 it will even become a standard for the national government. It is not advisable to wait until that moment to strengthen validation methods: criminals won’t be sitting still. That’s why you should already familiarise yourself with Red Teaming. If possible, start with the ‘lighter’ variant, Scenario Based Pentesting.

And most importantly: keep testing. The world of cyber security changes every day. Technologies and techniques are constantly evolving, creating new vulnerabilities. Test results quickly become outdated, so regular testing is essential to maintain confidence in your own defence. It’s also not a matter of just Pentesting, or only Red Teaming. By periodically deploying different evaluation methods, you are more often and better informed about the state of security of your (cloud) environment, and you are able to identify and remedy breaches in the security more quickly.

Do you want to know more about the validation options for your organisation and IT environment? Contact us at +31 (20) 364 36 00 or info@solvinity.com.

Sign up for the Solvinity Newsletter

Receive the latest news, blogs, articles and events.
Subscribe to our newsletter.
Background Icon

Other articles