Leeds, 16th March 2021, cybersecurity consultancy, Pentest People, has announced its new Red Team Assessment Service which is designed to help organisations to improve their defences against advanced persistent threats. The new service simulates an attack across multiple vectors to identify where an organisation’s defences are sufficiently robust and highlight which areas can be strengthened to deflect determined, well-resourced attackers.
In a routine penetration test, organisations commission Pentest People’s cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom.
The new Red Team Assessment Service comprises an expanded penetration test across a broader range of attack points that is tailored to each organisation’s risks and which mimics the actions of a sustained attack on an organisation’s IT systems, cloud services, web applications, physical premises and people. The broader scope of the Red Team Assessment Service is especially useful for organisations that manage critical infrastructure, or financial systems and comply with CBEST testing of operational resilience. Following their assessment, organisations are provided with actionable points to improve their security.
Commenting on the new service, former soldier, Dave Benson, security consultant at Pentest People said, “By applying the combined expertise of our web application, cloud service, infrastructure, and social engineering consultants, our Red Team Assessment Service is designed to test whether an organisation can withstand a full-scale cyberattack. It acts like a dress rehearsal, to help organisations to be better prepared in the face of a real attack.”
The Red Team Assessment Service uses proprietary security tools, written by Pentest People’s security researchers, which makes use of APIs created during numerous open source intelligence (OSINT) assignments.
The service also tests how well-prepared employees are to thwart targeted attacks.
“Training is a great first line of defence. In spite of all the layers of technology that organisations implement to protect their systems and data, the majority of breaches can be traced back to a person who clicked on a link, unlocked a security gate to a stranger, or gave away company secrets over the phone or social media. Social engineering is still a powerful weapon in the wrong hands, particularly in the UK, where we’re too polite for our own security,” says Benson.