Red Team is a goal-oriented process driven by threat simulations. Its focus is the Blue Team: it is intended to measure the Blue Team's ability to defend against this threat and to train the Blue Team.
Red Team is the process of using new Tactics, Techniques and Procedures (TTPs) to simulate real-world threats to measure and train the effectiveness of human resources, processes and technology positioned to defend an organization.
Red Team aims to understand security operations as a whole (people, processes and technology) to uncover vulnerabilities, flaws and errors. A Red Team engagement lets you identify your vulnerabilities and risks, but more importantly, Red Team operational processes provide an understanding of the threat that may arise against the Blue Team and of the Blue Team's ability to work.
Red Team in perspective
All the kinds of security testing that Red Team includes manage the process of measuring and analyzing risk against threats. The Red Team plot consists of four different components.
Vulnerability assessments tend to be wide in coverage but narrow in scope. Think about a vulnerability assessment of all corporate workstations. The scope is too broad, but not too deep in the context of corporate risks. What can be said about the risks when flaws are found? Can organizational risk only be understood at the workstation level? The overall risk for an organization is predictable to a small degree, but generally it remains at the workstation level. Vulnerability assessments are good at reducing the attack surface; however, they don’t provide direct information about corporate risk.
Penetration tests take vulnerability assessments to the next level by exploiting and proving attack paths. Penetration tests may often look like a Red Team engagement, and you can even use some of the same tools or techniques. The main difference lies in the purpose and intention. The purpose of a penetration test is to perform an attack against the target system in order to identify and measure the risks associated with exploitation of the target's attack surface. Organizational risks can be measured indirectly and are often understood from some technical attacks. But what about people and processes? This is where Red Team fits in.
Red Team goals are scenario-based engagements driven by specific threat intelligence. Red Team focuses on security operations as a whole and includes people, processes and technology. Red Team focuses specifically on goals related to measuring the Blue Team's training or how security operations might affect a threat's capability to operate. Technical errors are secondary to understanding how the threat can affect an organization's operations or how security operations affect a threat's ability to operate.