- Customized Engagements - Bridewell utilizes real attack methods and cutting-edge techniques from threat actors relevant to your organization, tailored to your current maturity.
- A Comprehensive Test - Our assessment extends beyond technological controls to people, process, and procedures.
- A Black Box Testing Approach - Our approach reveals potentially unknown points of risk or attack beyond just ATT&CK TTPs.
- A Real Time Engagement - Assess your defensive playbooks and responses in a controlled, realistic test for your in house or third party SOC solutions.
- Threat Driven Engagements – Bridewell offer a number of engagement types driven by our in house Cyber Threat Intelligence service. This allows realistic simulations of attacks using up to date intel from threat actors operating in your business sectors.
- A Focus on Training and Improvement - Bridewell work with your in house or 3rd party Blue Teams to help them understand the attacks and techniques used and how to thwart future attacks.
- Live Reporting and Updates - Our penetration testers provide real-time insight into key findings, culminating in a tailored report to address your specific goals from undertaking the assessment.
- Detailed Washup Sessions - Bridewell will support and develop your blue team, providing detailed guidance on improving hunting, remediation and detection capabilities.
- A Realistic Attack Simulation - Bridewell’s assessments are goal-oriented and objective led, they simulate the tools, tactics and procedures that would be used by a real-world attacker.
Key Challenges Addressed
The solutions, technologies, and third parties that organizations rely upon to operate are the core of their business and represent a significant investment.
Yet, organizations don’t always have complete assurance that they are working as intended, are optimally configured, offer the assumed level of protection, and will remain secure in real world threat scenarios.
Moreover, they lack a true understanding of how their people, processes and technologies would handle a worst-case threat scenario (i.e. if their key business processes would remain operational if their business was compromised by a persistent and skilled adversary).
Not only does this prohibit them from improving their defensive security capabilities, but it is also a missed opportunity to train their security operations center (SOC) with up-to-date approaches and processes that enable them to effectively respond to new and persistent threats.
Here are just some of the benefits of trusting Bridewell to deliver Red Team Assessments.
Truly Assess Your Security Capabilities
A red team assessment provides a comprehensive assessment of your existing security capabilities and actionable guidance on how they can be improved.
Focused Remediation Actions
Our Red Team will provide you with a clear understanding of how to improve your defensive capabilities.
Findings Beyond Known Vulnerabilities and Out of Date Software
Defend against fringe or low chance/ high impact attacks with a comprehensive assessment that goes beyond a typical security assessment.
Improve Your Security Investment
Develop and improve your SOC's skills and ability to react to modern threats.
Detailed Data Collection Opportunities
Gather telemetry to create and enhance hunting and detection rules.
How It Works
Initial Scoping & Quotation
Bridewell will work with your organization to understand your individual business objectives and the range of potential threats and security risks. Using these, Bridewell will work with your organization to identify the scope of the engagement and provide a quotation.
In order to deliver an effective Red Team, the Red Team Lead and all involved parties take part in a full scoping day to outline every important detail for the engagement.
Engagement Kick Off
Once the scope of the assessment has been agreed, Bridewell will begin the assessment. Bridewell will carry out the assessment over a defined period of time, in line with the agreed rules of engagement. They will aim to complete all objectives and goals within the defined timeframe.
Throughout the assessment, Bridewell’s Red Team will be in constant contact with the key contacts. This ensures the engagement is proceeding safely, securely and continues to deliver the expected results within the time frames
Report & Analysis
Once the assessment has been completed, Bridewell will share a report with key stakeholders to provide detailed analysis covering all aspects of the test in detail.
Bridewell also provides a live debrief where the Red Team who performed the assessment can present their findings to key individuals and answer any questions they may have.
Customised Red Team Engagements
Beyond a typical Red Team Assessment, Bridewell can also provide engagements featuring any combination of the following:
Assess your organization's defensive capabilities beyond the scope of a traditional penetration test by understanding the implications of an attacker bypassing your external perimeter.
Test your organization's defensive capabilities within the security perimeter by assessing your current protections and protocols for after a breach has occurred. In contrast to traditional assessments, which assume attackers come from well-placed internal attack hosts, an assumed breach test reviews the consequences of a user or devices already being compromised.
This assessment evaluates the potential impact of a compromised, low level user account in your organization and how you can better protect against this scenario. This is a valuable addition to a traditional penetration test for organizations with mature environments with established vulnerability management and network security practices.
Understanding these vulnerabilities and remediating against them will help organizations defend against methods such as:
- Email attacks
- Drive by attacks
- Credential compromises.
A true evaluation of the effectiveness of your organisation’s chosen EDR, XDR and/ or endpoint protection systems.
Test the current level of protection your organisation is receiving through its chosen EDR and endpoint protection solutions. During the assessment, Bridewell’s penetration testing experts will assess the prevention and detection of numerous off-the-shelf commodity payloads and attack methods alongside more advanced methods.
Undergoing the assessment can help your organization identify areas of the product that have been misconfigured and ensure you are utilizing all functionality. Following the assessment, Bridewell will also provide recommendations on improving your configuration and performing maintenance to maximize your return on investment.
Identify key Advanced Persistent Threat (APT) groups operating in your sector and carry out targeted testing to evaluate the processes and procedures currently in place to defend against them.
Perform simulated attacks that incorporate the tools, tactics, and procedures (TTPs) used by leading APTs relevant to your organization. By reproducing the methods likely to be used by attackers when targeting your business in a real-life scenario, your security teams can evaluate and improve their current defensive capabilities.
This helps them better understand, monitor for, and defend against the TTPs used by the APTs most relevant to your organization. Additionally, it will help them develop hunting techniques to thwart real attacks should they occur.
Once completed, Bridewell will provide a final report detailing a complete timeline of the attack that can be used by your in house or 3rd Party SOC or SIEM to remediate against vulnerabilities identified during the assessment.
Identify potential worse case scenarios and carry out targeted testing to develop and evaluate the processes and procedures currently in place to protect your most valuable assets.
Identify, plan, and execute the highest risk attacks relevant to your organization in a controlled manner with Bridewell’s trusted and highly certified penetration testers. By simulating Advanced Persistent Threat (APT) scenarios and other risks unique to your organization, Bridewell can evaluate the capabilities of your existing cyber security practices and infrastructure.
These insights allow Bridewell to provide guidance and remediation's that improve your security posture against these threats and mitigate risk if they were to occur in a real-life scenario. Given that these threats are often entirely unique to your organization, Bridewell will work with you to identify the most relevant and incorporate them into the assessment. These could include anything from:
- Insider threat testing.
- Physical access and physical data or asset exfiltration.
- Financial system manipulation.
- Cloud administration compromise and lockout.
- Ransomware simulations.
- CEO system compromise.
Here are some commonly asked questions about Red Team Assessments. If you’d like to learn more speak to one of our team.
A red team assessment is a form of testing in which a team of individuals simulates an adversary or attacker in order to test an organization's defenses. The purpose of a red team assessment is to identify vulnerabilities and weaknesses in the organization's security posture and to help the organization improve its defenses.
Red team assessments can be used to test a wide range of security controls and systems, including network and application security, physical security, and incident response plans and procedures. They can also be used to test the organization's defenses against specific types of threats, such as nation-state cyber attacks, ransomware attacks, or phishing campaigns.
Overall, the purpose of a red team assessment is to help the organization improve its security posture, protect itself against potential threats, and reduce the risk of a successful attack.
Red team assessments are typically carried out by a team of individuals who simulate an adversary or attacker in order to test an organization's defenses and evaluate their effectiveness. The team may be composed of a variety of professionals, including cybersecurity experts, network engineers, and IT professionals, as well as individuals with expertise in areas such as social engineering and physical security.
In addition to the red team, other individuals or groups may be involved in a red team assessment, depending on the scope of the assessment and the specific goals of the organization. These may include:
- The organization's security team: The security team may be involved in planning and executing the red team assessment, as well as reviewing and analyzing the results.
- Internal stakeholders: Depending on the scope of the assessment, other internal stakeholders such as business unit leaders or HR may also be involved in the planning and execution of the assessment.
- External consultants: The organization may also bring in external consultants to assist with the assessment, particularly if they have specialized expertise or experience with red teaming
Overall, the composition of the red team and the individuals or groups involved in the assessment will depend on the specific goals and objectives of the organization and the scope of the assessment.
The results of a red team assessment can be used to improve an organization's security posture in several ways:
- Identifying vulnerabilities: A red team assessment can help the organization identify vulnerabilities and weaknesses in its defenses that could be exploited by an attacker. By identifying these vulnerabilities, the organization can take steps to remediate them and reduce the risk of a successful attack.
2. Testing the effectiveness of defenses: A red team assessment can help the organization understand how well its defenses hold up against a simulated attack and identify areas where they are ineffective. This information can be used to improve defenses and make them more effective at protecting against real-world threats.
3. Improving incident response: By simulating a cyber attack, a red team assessment can help the organization test and improve its incident response plans and procedures. This can help the them respond more effectively to a real-world attack and minimize the impact of an incident.
4. Enhancing employee awareness: A red team assessment can help raise awareness among employees about potential threats and how to identify and respond to them. This can the wider organization improve its overall security posture by increasing the vigilance and awareness of its employees.
Overall, a red team assessment is a powerful tool for organizations to identify vulnerabilities, test the effectiveness of their defenses, improve incident response, and enhance employee awareness, all of which can help improve the organization's overall security posture.
Ready to Take the Next Step?
We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.