Pulse Security offers red team attacker emulation services. Red team testing allows for an organisation wide security review where Pulse Security consultants use the same techniques that would be employed by a real-world attacker. Red team testing can include phishing attacks and social engineering along with other technical penetration testing techniques. More information on the differences between red team testing and traditional penetration testing can be found here.
The red team exercise involves Pulse Security consultants researching the target organisation through public sources and exploiting the information gained to attempt to achieve a set goal, such as access to a customer database or payment environment. For example, consultants may use one or more of the following methods:
- Internet-exposed attack surface discovery
- Exploitation of vulnerable external or internal systems
- Gaining unauthorised access to physical premises and connecting to the internal LAN
- Undertaking a phishing/email campaign
A red team engagement will deliver the following:
- An overview of the security posture of the organisation.
- A narrative detailing the steps consultants used to compromise the environment.
- An actionable set of both technical and non-technical recommendations for improving the organisation’s security posture.
After the engagement, Pulse Security consultants work with your security staff to ensure robust solutions are implemented and to ensure knowledge transfer regarding attacker techniques, methodologies and detection strategies.