Has your company conducted several rounds of penetration testing, or has a mature IT security program? Then you are probably ready for the next generation security testing. In a traditional penetration test the scope is carefully defined and agreed upon with the customer before starting the test. Red team exercises differ from a traditional test in the way that “everything is allowed.”
Red team exercises do not have limitations when it comes to scope, and therefore cyber attacks can be realistically simulated. The test will use various threat scenarios to assess the effectiveness of the organization’s security measures. Both when it comes to technical solutions, internal procedures and staff.
The testing usually takes place over a prolonged period, and is conducted without notification to the organization or its suppliers. Only key people are informed.