Red Team
We will help you decide whether a red team assessment is what your organisation requires, and if so, how to best shape this to meet your strategic, operational and commercial needs.
Penetration Testing VS Red Teaming
Internal Infrastructure Penetration Test
The test is underpinned by vulnerability scans against a defined subset of devices and networks that makeup your estate, followed by attempts of exploitation.
A Wilbourne penetration test will look to chain vulnerabilities to identify a route to compromise your critical devices and information assets. Penetration tests are performed with the full knowledge and co-operation of those responsible for the scoped systems. Penetration tests do not aim to simulate a realistic adversary and do not test an organisation's ability to detect and respond to a threat.
Red Team
A red team engagement focuses on simulating the steps a real cyber threat actor would take to target your organisation whilst evading your SOC.
The scenarios that drive a red team assessment provide fewer boundaries, which translates to an opportunity to simulate cyber attacks in a much more realistic fashion. The results of a red team provide insights into your defence readiness, and crucially your detection and response to a real cyber breach.
Typical Scenarios for Red Teaming
Simulating a targeted series of bespoke phishing campaigns fuelled by open-source intelligence of your organisation.
Spear-Phishing
Determining the steps a rogue or compromised insider would take to compromise key information assets using corporate issued devices.
Malicious Insider
Demonstrating the actions that key third parties in your supply chain could perform to exceed their intended privileges.
Third-Party Compromise
Attempting to gain entry into your headquarters, regional offices and data centres, to then launch a cyber attack from within your premises.
Physical Social Engineering
What Controls Would You Like to Test?
GRC
DLP
Endpoint
Network
Security Awareness
SOC & IR
Based on the operational and commercial objectives of the exercise, you can select specific controls you would like to test the effectiveness of.
​
As an example, if your objective is to receive leadership buy-in to migrate to a new XDR solution, Endpoint, DLP and GRC controls will likely be of interest.
​
Based on the controls you prioritise, we will further shape the scenarios to reflect your needs, and ensure the messaging and language of all deliverables and workshops support your objectives.
The Client Experience:
Whiteboard
Session
We will collaborate with your CISO and Head of Information Security to understand your critical assets, applications, people and processes.
Our Technical USPs:
Extensive Experience
Our team has years of regulated red team experience which we apply to deliver realistic engagements.
In-house Red Team
We invest heavily in our internal capability, which is led by our internal CREST Certified Simulated Attack Specialist and Fellow.
CISO Enrichment
We have spent hundreds of hours with CISOs shaping the output of our red teams for steering committees and executive briefs.