Detect and Respond

Red Teaming

Successful Red-Teaming Operations with thorough planning to create realistic adversarial simulations to improve resiliency against physical and cyber threats.

Challenges

Are we prepared for the risk posed by real attackers that get more and more sophisticated?

Organisations frequently operate under the assumption that as long as their computer systems are secure, information is secure. In an effort to strengthen the security of their computer systems, they often perform penetration tests – simulated attacks on computer systems aimed at identifying vulnerabilities that could materialise into real risks. However, in reality, attackers do not limit themselves to abusing the systems singled out for penetration tests or even any IT system in general. Today’s attackers are much more sophisticated. They combine different elements that go beyond computer systems, with the objective of finding the path of least resistance. As a consequence, due to their limited and fixed scope, penetration tests alone do not adequately address the risk posed by attackers and leave organisations vulnerable to realistic attacks.

A realistic attack generally addresses three elements of information security that are linked together: Physical security, Cybersecurity and Human security.

Especially, Human security is important to remember, as the vast majority of cyber breaches in recent years were caused by human behavioral issues – one of the weakest links that cannot be identified by penetration testing. Red teaming not only tests technical preventative controls, but also the human defence capabilities, which are not tested by traditional

Our approach

Red-Teaming Operations enable organisations to assess the readiness and awareness against realistic attacks through scenario-based controlled incidents that take all elements (physical, cyber and human) within an organisation into account.

Successful Red-Teaming Operations require thorough planning to create realistic adversarial simulations for an organisation. Random attacks with random objectives will not deliver adequate benefits. The best planning comes from an in-depth understanding of the business and the organisation, which then translates into realistic scenarios, combining risk and threat management approaches. As part of the planning phase, it is important to identify the key risks of an organisation. These are unique to each organisation and serve as a basis to create realistic scenario-based controlled incidents.

Our experience shows that successful Red-Teaming Operations are built upon the following phases:

  1. Preliminary phase​

    In order to start the process, we will gather insights into your organisation's threat landscape perspective. Our Cyber Threat Intelligence (CTI) team will support and collaborate with your organisation to produce an extensive and tailored cyber threat landscape report covering the relevant sector/industry in the countries deemed relevant. During this phase, our CTI team will also be able to offer advice and help to further mature your organisation’s existing CTI capabilities. This report will be used as the Generic Threat Landscape (GTL) report.

  2. Preparation phase​

    During this phase, your organisation prepares items such as describing the critical economic functions (CEFs) and forming the White Team.

  3. Testing phase​

    Our Threat Intelligence analysts will gather information about threat actors and their technical tactics and procedures (TTPs) relevant to your organisation. Combined with targeted intelligence, its critical economic functions (CEFs), systems, employees and infrastructure, the output will be a set of realistic scenarios that will be handed over to the Red Team. The Deloitte Red Team will mimic the threat actors and their TTPs. The scenarios are executed based on priority, attacking the human, physical and cyber element of your organisation, with the objective of reaching the end-goals of the scenarios. Afterwards, we facilitate a workshop and Purple-Teaming exercises to maximize knowledge transfer to your organisation's stakeholders.​

  1. Preliminary phase​
  2. Preparation phase​
  3. Testing phase​

In order to start the process, we will gather insights into your organisation's threat landscape perspective. Our Cyber Threat Intelligence (CTI) team will support and collaborate with your organisation to produce an extensive and tailored cyber threat landscape report covering the relevant sector/industry in the countries deemed relevant. During this phase, our CTI team will also be able to offer advice and help to further mature your organisation’s existing CTI capabilities. This report will be used as the Generic Threat Landscape (GTL) report.

During this phase, your organisation prepares items such as describing the critical economic functions (CEFs) and forming the White Team.

Our Threat Intelligence analysts will gather information about threat actors and their technical tactics and procedures (TTPs) relevant to your organisation. Combined with targeted intelligence, its critical economic functions (CEFs), systems, employees and infrastructure, the output will be a set of realistic scenarios that will be handed over to the Red Team. The Deloitte Red Team will mimic the threat actors and their TTPs. The scenarios are executed based on priority, attacking the human, physical and cyber element of your organisation, with the objective of reaching the end-goals of the scenarios. Afterwards, we facilitate a workshop and Purple-Teaming exercises to maximize knowledge transfer to your organisation's stakeholders.​

Red teaming exercises need to combine the right amount of technical and business understanding to become useful and representative. Therefore, a successful exercise outcome comes from working together and combining efforts and expertise of both, the red and the defending team. Working in such a collaborative setup enables outstanding red teaming exercises that matter, are focused, agile, cost-effective and as a result enhance defensive capabilities.

Why Deloitte?

Awarded market leaders

We strive to continuously lead the market in the area of cyber risk and security services. We are awarded and acknowledged by some of the most renowned institutions within the area of cyber, e.g. Gartner, ALM Intelligence and Forrester. In 2020, we were named global leader in Security Consulting Services for the 9th year in a row by Gartner.

Leading-edge technologies

We are committed to investing in innovation and emerging technologies to ensure that we are equipped with the latest tools to solve current and future challenges for our clients. Alliances with market-leading cyber vendors and groundbreaking startups around the world offer our clients access to a wide range of cyber-risk technologies and leading-edge technology innovation.

Global intelligence delivered locally

We have the largest professional services network in the world. Diversity across our cyber teams helps us work across the globe with a local and personal lens. We have over 8,600 dedicated cyber-risk service practitioners of which 1,300 are dedicated to Europe and the Middle East alone, ready to help our clients everywhere with any challenge.

End-to-end cyber-risk services

We cover every aspect of cyber risk — from advisory and implementation of strategic transformations to managed security services, product solutions and incident management. This enables us to deliver more resilient and silo-breaking solutions, taking the whole business chain into account. This helps our clients to leverage their potential and growth even more.

Reach out

Deloitte’s Red Teaming can help identify and improve vulnerabilities and strengthen the cybersecurity - are you ready to take control and fight back?

Rene Thomsen

Director