Offensive Security Unbound: introducing Red Team Service

With new cyber threats exploding into existence and commandeering what we would normally consider to be well-defended networks, our concern was straight-forward: how do we provide more effective security measures for our TBG Security customers?

We decided to get down to brass tacks to figure out how we could elevate IT security to the next level.

Instead of offering spot checks at set times, what if TBG Security set up a team of accredited security professionals that could use the methods an attacker does to test a company’s security controls?

This approach, we all agreed, would offer a much more resilient offensive security.

Say hello to TBG’s Red Team Service

We’re proud to introduce TBG Security’s Red Team Service, an advanced offensive security service that has been expressly designed to mimic real-world attackers, from script kiddies to hacktivists all the way up to bespoke nation-state sponsored actors.

By taking a holistic view to security, we are much more able to mimic the true complexity of a real-life cyber attack. Just as nefarious actors might try to use social engineering tactics, taking advantage of open source intelligence, to gain access to confidential information, we too follow suit.

Of course one needs a lot of expertise and experience to provide this level of service. TBG Security’s Red Team doesn’t disappoint. Just look at the some of the team’s certifications:

  • Information System Security Professional (CISSP)(ISC)2
  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Certified Expert (OSCE)
  • Certified Ethical Hacker (CEH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Certified Information Systems Auditor (CIA)
  • GIAC Certified Incident Handler, SANS Institute (GCIH)
  • Certified Cisco Network Associate, Cisco Systems (CCNA)
  • Microsoft Certified Systems Engineer, Microsoft (MCSE)
  • Splunk Certified Architect (SCA)

How the Red Team Service works

Effectively, the Read Team tests the customer’s susceptibility using real-world attack methods.

For instance, a Red Team “attack” might start with a cunning social engineering effort to gain access to valid user credentials. This might be done in person, via telephone, or even over email, attempting to dupe a member of the staff into providing credentials to an unauthorized agent (in this case, an undercover Red Team actor).

Once inside the system, the Red Team will use their combined knowledge to pivot laterally within the network to expand access and influence across the company systems. The Red Team might attempt to gain unauthorized access into the physical office space in order to uncover unknown vectors for attack, such as infiltrating the wireless network.

The point is for these white hat attacks to be as realistic as possible, striking unpredictably, just as a real-world attack would. The Red Team records everything they have uncovered for their clients, providing expert recommendations on remediation.

The key to this service is the always-on feature. With the service running continuously, the Red Team can provide immediate notifications of any new vulnerability, significantly decreasing your business’s risk.

“We are so proud to be launching this unique Red Team service,” said Ryan Hays, Security Engineer at TBG Security. “Not only does it provide better protection and security for our clients, it also challenges us to really think like a cyber criminal. This valuable insight will assist us in our development of new IT security tools and services.”

Learn more about TBG Security’s Red Team Service.

Previous ArticleYes, turning on multi-factor authentication (aka 2FA) is really important Next ArticleIoT and DDOS: security advice following the Marai botnet attack on Brian Krebs