Red Teaming

Red teaming is the practice of looking at a problem or situation from the perspective of an adversary. A red teaming exercise emulates the Tactics, Techniques, and Procedures (TTPs) of real adversaries to test assumptions and improve the security posture of people, processes, and technology in the target environment.

In order to realistically emulate how a sophisticated adversary operates, red teaming exercises usually have specific objectives and a broad scope. They may include unconventional attack techniques, such as OSINT, social engineering, and physical intrusions. Each attack attempt is tracked along with its outcome, which may be:

  • Attack is prevented
  • Attack is remediated
  • Attack is successful but detected
  • Attack is successful and goes undetected

By training the defenders (the “blue team”) and measuring the effectiveness of detection and response policies, procedures, and technologies in the field, red teaming ultimately improves the preparedness and resilience of an organization against real adversaries.