Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Red Teaming or Pen Testing? A Quick Guide to Determine Your Testing Needs

As businesses are increasingly requiring anywhere, anytime access, strategic turmoil has erupted for security leaders from a data protection standpoint. The influx of tools and technology to facilitate these demands has increased the attack surface, bolstering the need for testing.

While it’s wise for every business to conduct security testing, some have no choice as its required by law, like healthcare organizations obliged to do so because of the Health Insurance Portability and Accountability Act (HIPAA), or any business that accepts or processes payment card data that must comply with the Payment Card Industry (PCI) standards.

By now, you’re likely familiar with the terms “penetration testing” and “red teaming,” but if it’s time to decide which option is best for your organization, we’ve provided a concise breakdown, with the help of Ed Williams, EMEA Director at Trustwave SpiderLabs, of what each actually is and how to make the best decision based on your business’s needs.

Penetration Testing

What it is: Human-led penetration tests employ techniques that a threat actor may use to exploit an insecure process, weak password, configuration or other lax security settings. Based on the confines of time, you see how far you can take that specific vector of compromise. You’re not just testing a flaw to see if it’s exploitable, you exploit it and see how far you can get within the allotted time of the engagement.    

Areas of Focus:

  • Mass Network Vulnerability Scanning

  • Web Application Vulnerability Scanning

  • Electronic social engineering

  • Password spraying and password brute-forcing

  • Conduct network layer and legacy protocol attacks

Expert Opinion
Penetration testing provides you with a great base level of security. “If you consider some of the major breaches that have occurred, many could have been prevented with a simple penetration test,” Williams says. It’s important to remember that the overall goal of a penetration test is to obtain some sort of domain credential, he adds. That’s why testing technical controls are crucial to ensuring fundamental coverage for your organization.

Red Teaming

What it is: This is a no-holds-bar focused engagement that is an inch wide but a mile deep. The sole intent of red teaming is to make an organization’s nightmare come true in a simulated attack. The business will provide a set of goals to the red team and the entire operation is built around accomplishing those goals without being detected. Rather than focusing solely on the technical controls, red teams aim to find flaws in people, processes and technology.

Areas of Focus (Goal Oriented):

  • Open Source Intelligence Gathering
    Understanding the organization’s infrastructure, facilities, and employees.
  • Phishing
    Methodically and quantitatively assess the human factor of security by determining the susceptibility of the target workforce to phishing attacks.
  • Weaponization
    Creating custom file payloads, trojans, or even false online personas to use for their attacks.
  • Social Engineering
    Following the intelligence gathering (reconnaissance) phase, red teamers will conduct both physical and virtual social engineering tests on the organization, which opens up opportunities for exploitation.

Expert Opinion
Red teaming is all about looking beyond just the technical controls. It’s about analyzing the people and the processes as well. This allows a red team to get real oversight as to what the organization looks like. “If the baseline of security maturity is met in your organization, you should then look into red teaming based on your overall risk tolerance,” Williams says. “It’s all about creating an attack simulation that mimics what the bad guys may do. The best way to do it is by aiming those attacks at the people, processes, and of course, the technology.”

So…Penetration Testing or Red Teaming?

At the end of the day, penetration testing is for all, but red teaming should really only be enlisted by businesses that have a mature security program in place. How do you reach that state? Through continuous penetration testing.

“It’s not worth it for an organization to conduct red teaming if their current security programs don’t feature consistent pen testing and the vulnerability scanning,” Williams says.

Determining your organization’s overall cyber risk tolerance is the first step for any security leader. For organizations with a low-risk tolerance that have secured their technical controls, if they feel they need to be more repellant against sophisticated attackers that have an eagle eye on their organization’s critical assets, it’s then time to enlist the help of a red team.

Security testing is a critical component of any cybersecurity program aiming to continuously improve an organization's overall security posture. But your business's cyber risk tolerance will determine how deep you want to go. This Trustwave SpiderLabs infographic helps illustrate the depth at which you can test your security.

Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor. This article was written by Marcos with supplemental information provided by Trustwave SpiderLabs Principal Consultant, John Cartrett.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More