Red Cells Banner

Cordon Sanitaire Red Cells

A Red Cell is a component of Red Teaming. It comprises a team compiled to provide a scoped set of service comprising virtual, physical and social engineering adversarial tactics to test an organisations technical and or physical defences.

AYour own hacking team targeted to get to your weaknesses before the bad guys, providing a rolling program of continuous (non-destructive) probing of your organisations externally exposed surfaces backed by a real time remediation process.

This service is an inter-active service in close liason scoped and co-ordinated with internal organisational IT, with the strictest process and practice regime. Delivered as a one off or scheduled service. Done too often and these can be counterproductive, not allowing internal teams to implement and adapt to changes from findings. There is NO rule of thumb, each organisation has its own unique Cyber fingerprint and posture and each engagement is scoped to appropriately fit the threat profile for your organisation. There is NO benefit to anyone using disproportionate force or techniques. We aim to ensure:

  • Minimal impact on company resources, bandwidth and target systems
  • Pre-determined mitigation procedures
  • 24x7 contact & response during engagment

The service tests for known vulnerabilities across agreed organisational using qualified and experienced Penetration testers. A pen test (Penetration Test) is a security evaluation of an organisations IT infrastructure by trying to exploit known vulnerabilities in a controlled and non-destructive way. The vulnerabilities may exist in operating systems, services or applications due to coding flaws, improper configurations, conflicts or careless end-user behaviour. The tests will target:

  • Websites
  • Web Applications
  • Firewalls
  • Remote Access Gateways
  • Can extend into supply chain vendor interconnects and SCADA (Supervisory control and data acquisition) and IoT (Internet of Things) systems.

The Penetration tests identifies many risks for example:

  • Exposed Ports
  • Social engineering risk
  • Physical risks
  • 3rd Party Risks

Apart from identifying vulnerabilities the process acts as validation for the efficacy of defensive mechanisms and end-user adherence to security policies.

Health Warning - None of these activities are 100%, any organisation that professes this should be avoided. Each Penetration test and team has its own operational bias (irrespective of how 'great' they think they are). The US DARPA (Defence Advanced Research Projects Agency) suggest that on average each Red Cell/penetration testing team will only capture 40%, at best 50% of vulnerabilities. This is why it is important to cycle vendors delivering this service which will illustrate this point as each will find new vulnerabilities blind to the others. This is not a criticism of the teams, it is human nature, we all have blind spots. Automated solutions can be deceptive as they are predictable and known to competent threat actors.

Contact Us