Red team

The red team behaves like hackers who attempt to find and exploit any potential loopholes inside a business network. Red teamers are known to use a wide range of conventional as well as unconventional techniques to uncover flaws in technology, people, and processes. Hence, usually, such a skill set would exist outside the scope of that of a blue team. However, for the sake of understanding, let’s briefly touch upon this role.

A red team’s mission consists of searching for known vulnerabilities that have already been disclosed and have a Common Vulnerabilities and Exposures (CVE) ID. They perform penetration tests on the business network infrastructure to discover unknown security loopholes. These teams may also test the wireless and IoT networks, along with the endpoint devices, such as laptops, PCs, mobiles, tablets, and more. Hardware penetration testing is performed on IoT wearables and devices that utilize Bluetooth. The hackers in red teams may try to social engineer the employees of their organization. These kinds of hackers are often assigned aliases to operate on the company’s premises. They are very crucial in detecting as well as suggesting the security controls required to patch the security breaches that occur through a lack of physical measures in place. Endpoints and mobile devices are also covered in their scope of penetration or intrusion tests.

The detailed responsibilities of a red team are beyond the scope of this chapter. However, it is important to note that typically, the red team and the blue team work in tandem. Some of the areas where they work together are as follows:

• Creating a network topology/hierarchy map of the business’s network infrastructure so that they can analyze the number of hosts running, as well as their statuses
• Assessing the services running and the open ports on those systems
• Identifying the vendor, firmware, and OS details among other relevant equipment parameters
• Identifying and exploiting the CVEs in servers, hubs, firewalls, routers, L2/L3 switches, Wi-Fi access points, and other network equipment
• Hacking various kinds of physical security controls, such as glass doors, digital locks, CCTV networks, and sometimes the security personnel as well

In some organizations, it may also be wise to set up a bug bounty program. A bug bounty is either a sum of money or goodies paid or provided to ethical hackers. Hackers throughout the world are on the lookout for defects and, in some circumstances, make a living doing so. Many websites, organizations, and software companies provide bug bounty programs in which users can be recognized and compensated for reporting bugs, particularly those related to business logic vulnerabilities and network security exploits. Bug bounties are created by companies to reward independent bug bounty hunters who find security flaws and weaknesses in systems. Companies pay bounty hunters to find security flaws and report them ethically and responsibly before they can be exploited or monetized by cyber threat actors. Bounty programs are frequently used in conjunction with regular penetration testing to allow enterprises to assess the security of their apps throughout their development life cycle. Bug bounty schemes enable businesses to use the hacker community to continually enhance the security posture of their systems. Bounty schemes attract a diverse group of hackers with various skill sets and expertise, offering firms an advantage over vulnerability assessments, which rely on inexperienced security personnel. Hence, instead of one individual or one team working on attacking the defenses of an organization, the collective power of the crowd benefits the organization.