Friendly Fire: The benefits of Red Teaming

In March 2016, US government confirmed the claims of a hacktivist group working for Iranian Revolutionary Guards. The group claimed to have gained access to Bowman Avenue Dam in Rye Brook, New York. The act was purposely done to undermine national security and markets of USA. Manhattan U.S Attorney Preet Bharara described these hacks as “frightening new frontier” of cyber crime that’s “scary to think about.” Similarly, in 2014, a group of hackers exploited loopholes in Supervisory Control and Data Acquisition(SCADA) and took full control of critical infrastructure.

As per a report by Gartner Inc, 6.4 billion connected things will be in use worldwide in 2016 with 5.5 million new things getting connected every day. Given the emergence of “Internet of Things” which includes a fully connected utility sector (electric, gas and water firms), cyber security has become extremely crucial and it’s importance will only increase with each passing day. In such a scenario, no professional cyber security team can choose to ignore the benefits of “Red Team vs Blue Team exercise”.

Red Team vs Blue Team exercise

The basic idea is to identify loopholes in a system. When it comes to cyber security two groups of security professionals are formed. The Red team is entrusted with the task to attack the system while Blue team’s job is to prevent Red team from hacking into the system and taking control of it.

These exercises trace their origin to military. In military these exercises were performed to test the battle-readiness of a force. Even US intelligence (military and civilian) has Red team which explores alternative future and creates strategies from the viewpoint of foreign leaders. In addition to it sensitive sites like nuclear facilities also perform simulated exercises based on the same principle. In fact it was only in 1990s when these exercises were adopted by cyber security professionals to test information security systems.

The benefits?

Shift in Perspective is the major benefit which these exercises lead to. A red team is an independently thinking and operating group that challenges organizational thinking, perspective and systems by viewing it from an alternative and different perspective. The fantastic outcome is a better understanding of strengths and weaknesses from an unbiased view, enhance decision making, and avoid surprise. A Red team can be related to an ethical hacker, who hacks the system in order to test or evaluate the security rather than a malicious or a criminal intent. It’s always better to stand exposed in front of a friend rather than a foe. These exercises help in getting answers to various organizational questions like

• Will my firm’s existing combination of security controls protect against a sophisticated cyber attack in practice?
• Do the existing risk assessments, budgets and IT initiatives appropriately reflect the cyber security risks facing my firm?
• Can my firm be breached due to security issues at foreign subsidiaries?
• What information can office visitors, contractors and employees find on the corporate network?

It is essential to note that the benefits of Red Teaming depends on the kind of exercise being performed. The exercises vary from the basic Social Engineering to Cyber Attack Simulation and Penetration Efforts. Nowadays, even post assessment advice and implementation tips are being provided which cover all aspects of cyber security. Nevertheless, the benefits which most of the organizations can derive are:

• Ability to test the effectiveness of your firm’s digital forensics and incident response capability.
• Measure the resilience of your organization’s defensive posture.
• Gain access to good quality threat intelligence on your organization.
• Gain visibility into your organization’s exposure to information harvesting by examining its digital footprint.
• Acquire knowledge and early warning signs to help your organization harden its business systems so that they better resist an active attack.
• Provide a practical training opportunity to your cyber defense team.
• Simulate a more realistic threat environment to better tune your Security Information Event Management (SIEM) and Intrusion Detection/Prevention System (IDS / IPS) solutions.
• Identify the attack vectors that would be employed by criminals to exfiltrate private information or corporate secrets from your organization.
• Qualify the effectiveness of your organization’s security awareness program.
• Get a clear view of your cyber security risks and their impacts, allowing you to prioritize improvement activities.

Apart from these benefits, certain risks are also associated with such exercise which include the information and security results being in the hands of a third party which conducted the exercise. These issues can be legally taken care of before conducting the exercise. Nevertheless, the benefits of Red Teaming and Blue Teaming exercise makes it indispensable to cyber security.