Red Team Assessments
Red Team Assessments are multi-faceted, adversarial-based attacks simulated against people, software, hardware, and facilities—performed simultaneously. Red Team Assessments involve several facets of social engineering, physical penetration testing, application penetration testing, and network penetration testing.
When performing Red Team Assessments, MainNerve has no knowledge of your systems and networks prior to testing. In addition, our Red Team Assessments are 99% human-driven. The objective of a Red Team Assessment is to obtain a hyper-realistic level of risk and vulnerabilities against your Technology, People, and Physical Facilities.
Red Team Assessments are considered a full-scope security and vulnerability assessment that combines multiple services to provide a complete view of an organization’s security posture. This type of test is a comprehensive attack simulation carried out by our highly-trained security technicians. A Red Team Assessment includes:
- Network Penetration Testing
- Physical Security Assessments
- Social Engineering Testing
Benefits of Red Team Assessment
A network red team assessment provides a number of benefits:
- Identify physical, hardware, software, and human vulnerabilities
- Obtain a realistic understanding of risk and vulnerabilities for your organization
- Assist with addressing and fixing all identified security weaknesses
- The most thorough and holistic level of cybersecurity testing
- Test the readiness of an organization by measuring reaction under simulated attacks or breaches
- Identify weaknesses in security policies, practices, and procedures
- Help in developing a relevant and complete security program
The MainNerve Red Team Assessment Process
MainNerve Red Team Assessments utilize a comprehensive, combined approach of social engineering, physical security, and cybersecurity assessments. Through the blending of these three services, you get a comprehensive look at your security posture through the testing of your people, infrastructure, policies and procedures, networks, systems, and hosts. Our approach is based on the NIST SP 800-115 and 14, Technical Guide to Information and Security Assessment; as well as NIST 800-53A, Guide for Assessing the Security Controls for Federal Information Systems; NIST SP 800-19, Developing Security Plans; and DoD 5200 08-R, Physical Security Program, in order to ensure a comprehensive assessment. Through the use of open source intelligence, dumpster diving, ethical physical penetration of your facility… we perform a full-scale attack simulation on your organization to assist with comprehensively securing your business.
Note: Our Physical Security Assessments are conducted by highly-credentialed personnel with law enforcement or special operations backgrounds. They only work with the latest techniques and technologies to ethically test and assess the status of the physical security safeguards in place.
MainNerve performs Red Team Assessments using the methods detailed in NIST SP 800-115 and 14, Technical Guide to Information Security Testing and Assessment. In order to ensure a comprehensive assessment of your overall security posture, we leverage industry-standard frameworks as a foundation for carrying out each of our tests—network penetration testing, social engineering, and physical penetration testing. Our methodology includes specific phases with continual reporting throughout the entire process.
At MainNerve, the Reporting/Delivery phase of our Red Team Assessment process is one we are incredibly proud of. We strive to effectively communicate the value of our service and findings—and provide you with the information you need to fix any identified vulnerabilities. A Red Team Assessment Final Report with MainNerve Includes:
- Statement of Scope
- Statement of Methodology
- Limitations (if applicable)
- Testing Narrative
- Tools and uses
- Remediation Recommendations
- Risk Rating
- Executive Report and Presentation**
Why should I conduct a red team assessment?
A Red Team Assessment is a multi-faceted attack that is simulated from the perspective of a malicious hacker or group of hackers. The objective is to realistically simulate a virtual and/or physical security attack with the goal of uncovering security vulnerabilities that might otherwise be exploited by bad actors. Through the Red Team Assessment process, you gain valuable insight into the overall security posture of your assets—giving you the ability to fix them before hackers are able to cause serious damage.
How long does it take to conduct a red team assessment?
The overall time it takes to conduct a Red Team Assessment depends entirely on the size and complexity of the project assets. This includes physical locations, staff, infrastructure, and more. That being said, most Red Team Assessments take anywhere from two to eight weeks from start to finish.
How much does a red team assessment cost?
Unfortunately, this question is not simple to answer until some level of scoping has been performed. Put simply, the number of locations and objectives will ultimately determine the cost. For example, when determining scope of work, we take into account the following: web applications, networks, number of staff members and target locations, goals, travel from locations, timeframe, and more.