Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Red Teaming or Pen Testing? A Quick Guide to Determine Your Testing Needs

As businesses are increasingly requiring anywhere, anytime access, strategic turmoil has erupted for security leaders from a data protection standpoint. The influx of tools and technology to facilitate these demands has increased the attack surface, bolstering the need for testing.

While it’s wise for every business to conduct security testing, some have no choice as its required by law, like healthcare organizations obliged to do so because of the Health Insurance Portability and Accountability Act (HIPAA), or any business that accepts or processes payment card data that must comply with the Payment Card Industry (PCI) standards.

By now, you’re likely familiar with the terms “penetration testing” and “red teaming,” but if it’s time to decide which option is best for your organization, we’ve provided a concise breakdown, with the help of Ed Williams, EMEA Director at Trustwave SpiderLabs, of what each actually is and how to make the best decision based on your business’s needs.

Penetration Testing

What it is: Human-led penetration tests employ techniques that a threat actor may use to exploit an insecure process, weak password, configuration or other lax security settings. Based on the confines of time, you see how far you can take that specific vector of compromise. You’re not just testing a flaw to see if it’s exploitable, you exploit it and see how far you can get within the allotted time of the engagement.    

Areas of Focus:

  • Mass Network Vulnerability Scanning

  • Web Application Vulnerability Scanning

  • Electronic social engineering

  • Password spraying and password brute-forcing

  • Conduct network layer and legacy protocol attacks

Expert Opinion
Penetration testing provides you with a great base level of security. “If you consider some of the major breaches that have occurred, many could have been prevented with a simple penetration test,” Williams says. It’s important to remember that the overall goal of a penetration test is to obtain some sort of domain credential, he adds. That’s why testing technical controls are crucial to ensuring fundamental coverage for your organization.

Red Teaming

What it is: This is a no-holds-bar focused engagement that is an inch wide but a mile deep. The sole intent of red teaming is to make an organization’s nightmare come true in a simulated attack. The business will provide a set of goals to the red team and the entire operation is built around accomplishing those goals without being detected. Rather than focusing solely on the technical controls, red teams aim to find flaws in people, processes and technology.

Areas of Focus (Goal Oriented):

  • Open Source Intelligence Gathering
    Understanding the organization’s infrastructure, facilities, and employees.
  • Phishing
    Methodically and quantitatively assess the human factor of security by determining the susceptibility of the target workforce to phishing attacks.
  • Weaponization
    Creating custom file payloads, trojans, or even false online personas to use for their attacks.
  • Social Engineering
    Following the intelligence gathering (reconnaissance) phase, red teamers will conduct both physical and virtual social engineering tests on the organization, which opens up opportunities for exploitation.

Expert Opinion
Red teaming is all about looking beyond just the technical controls. It’s about analyzing the people and the processes as well. This allows a red team to get real oversight as to what the organization looks like. “If the baseline of security maturity is met in your organization, you should then look into red teaming based on your overall risk tolerance,” Williams says. “It’s all about creating an attack simulation that mimics what the bad guys may do. The best way to do it is by aiming those attacks at the people, processes, and of course, the technology.”

So…Penetration Testing or Red Teaming?

At the end of the day, penetration testing is for all, but red teaming should really only be enlisted by businesses that have a mature security program in place. How do you reach that state? Through continuous penetration testing.

“It’s not worth it for an organization to conduct red teaming if their current security programs don’t feature consistent pen testing and the vulnerability scanning,” Williams says.

Determining your organization’s overall cyber risk tolerance is the first step for any security leader. For organizations with a low-risk tolerance that have secured their technical controls, if they feel they need to be more repellant against sophisticated attackers that have an eagle eye on their organization’s critical assets, it’s then time to enlist the help of a red team.

Security testing is a critical component of any cybersecurity program aiming to continuously improve an organization's overall security posture. But your business's cyber risk tolerance will determine how deep you want to go. This Trustwave SpiderLabs infographic helps illustrate the depth at which you can test your security.

Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor. This article was written by Marcos with supplemental information provided by Trustwave SpiderLabs Principal Consultant, John Cartrett.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo