• Red teaming: Is it the career for you?

  • 2021/09/09
  • Duration: 6 min
  • Podcast

  • Summary

To best protect an organization from would-be attackers, proactively probing its security measures is an approach fast growing in popularity. Simulating attacks is the job of red teams, and the goal is to find and fix weaknesses before hackers can exploit them. Red team members are ethical hackers hired by an organization to carry out real-world, advanced attacks. The work is worth considering if you’re a cybersecurity pro looking to make a distinct difference for organizations making a concerted effort to keep bad actors out. Red teaming includes “an element of breaking in and legally doing as much as you can under the radar, and that’s pretty fun,” says Curtis Brazzell, managing cybersecurity consultant with GuidePoint Security.

What is red teaming?

The National Institute of Standards and Technology (NIST) defines red teams as groups of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. Their objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks. They often work together with blue teams, which are a separate group of incident responders charged with defending against the simulated attacks instituted by the red team in a way that represents the organization’s current security posture. Both teams hope to demonstrate how a hacker might get in, the impact, and how well security defenses can withstand an attempted attack.

In recent years, the concept of purple teams has also risen to the surface. A purple team can be a separate group of people, usually outside security consultants, who oversee red teams and blue teams. A single purple team might perform the functions of both red and blue teams or represent the need for integration between red team testing and blue team defenses.

What does a red team member do?

Blue teams most commonly consist of security experts internal to the organization. Red teams, on the other hand, are hired as outside consultants who come in and conduct comprehensive security assessments using simulated cyberattacks. While their tactics likely include a penetration test, their work represents a broader scope that often addresses physical security considerations, employee understanding, and network and endpoint vulnerabilities. Red team exercises are ideally done after initial pentests have already been conducted and applicable fixes applied.

“A lot of guys on the team are lock pickers, or maybe you use RF (radio frequency) badge scanners,” Brazzell says of how their firm engages in red teaming. “Once inside, we see if maybe you can plug into an open port in a lobby, and then you analyze the wireless traffic. Maybe then we notice the local LAN isn’t segmented from the public, wireless LAN. Physical USB-type attacks, or Rubber Duckies as we like to call them, we’re still doing too, to see if we can’t compromise at least one workstation and then move laterally.”

Crucial to every red team member is comprehensive security testing using tips and tricks they’ve learned over the years, along with buy-in and the necessary permissions from the organization’s upper management. Without permission, strategies become less ethical hacking and more criminal.

With red teaming, “you really have to approach your objectives as an adversary would,” says Amyn Gilani, chief growth officer at Countercraft. “Of course, you also need to make sure you’re sponsored by the correct entities so you don’t get into trouble when you do break something or gain access to something that you shouldn’t have.”

Another common component of red teaming is performing “tabletop exercises” together with the organization’s employees. In the exercise, a simulated cyberattack is executed, and then red team members can work with various areas of the organization on how to best handle the scenario. This includes the incident response team and designees from the organization’s legal, human resource...