SANS Webcast: Breaking Red - Understanding Threats through Red Teaming

  • Published on 19 Mar 2017
  • Learn Red Teaming (2-Day Course): www.sans.org/sec564
    Presented by: Joe Vest & James Tubberville
    About: The term Red Team or Red Teaming has become more prevalent in the security industry. Both commercial and government organizations conduct "Red Team Exercises". What does this mean? What is a Red Team engagement? How is it different than other security tests? Isn't current penetration and vulnerability security testing enough?
    Red Teaming shares many of the fundamentals of other security testing types, yet focuses on specific scenarios and goals that are used to evaluate and measure an organization's overall security defense posture.
    Organizations spend a great deal of time and money on the security of their systems. Red Teams have a unique goal of testing an organization's ability to detect, respond to, and recover from an attack. When properly conducted, Red Team activities can significantly contribute to the improvement of an organization's security controls, help hone defensive capabilities, and measure the effectiveness of security operations.
    This presentation introduces Red Teaming concepts and the new SANS Red Teaming course - SEC564 Red Team Operations and Threat Emulation

Comments • 1

  • @michaelwillburn9059 6 years ago

    Good presentation but I'm thinking the definition of a red team should be expanded (slide 19). Seems to me training and simply 'seeing how well folks, tech, proc do' is a great reason for a red team but only part of it. I'm thinking, red teams can/should operate across the entire organization, seeing it through eyes of threat; whereas many other security programs box up the organization and then poke at the boxes (think arbitrarily defined system). Red teams should/do operate inside/outside/between these boxes. Thus, they see the gaps, trust relationships, etc. So I'm thinking the definition should be not only to perhaps "measure effectiveness" of defenses but to actually "identify risk" that will otherwise go unnoticed via other methodologies. Also, what do you think about incorporating some threat hunting into their mission - if we got in, perhaps someone else did too? Perhaps they are still there? Would we know? Just some thoughts.