Pentest People has announced its new Red Team Assessment Service which is designed to help organizations to improve their defences against advanced persistent threats.
The new service simulates an attack across multiple vectors to identify where an organization’s defences are sufficiently robust and highlight which areas can be strengthened to deflect determined, well-resourced attackers.
In a routine penetration test, organizations commission Pentest People’s cybersecurity experts to test their websites, applications and IT systems for any weaknesses that could allow cybercriminals to steal information, damage IT systems, or hold data to ransom.
The new Red Team Assessment Service comprises an expanded penetration test across a broader range of attack points that is tailored to each organization’s risks and which mimics the actions of a sustained attack on an organization’s IT systems, cloud services, web applications, physical premises and people.
The broader scope of the Red Team Assessment Service is especially useful for organizations that manage critical infrastructure, or financial systems and comply with CBEST testing of operational resilience. Following their assessment, organizations are provided with actionable points to improve their security.
Commenting on the new service, former soldier, Dave Benson, security consultant at Pentest People said, “By applying the combined expertise of our web application, cloud service, infrastructure, and social engineering consultants, our Red Team Assessment Service is designed to test whether an organization can withstand a full-scale cyberattack.
It acts like a dress rehearsal, to help organizations to be better prepared in the face of a real attack.”
The Red Team Assessment Service uses proprietary security tools, written by Pentest People’s security researchers, which makes use of application programming interfaces (APIs) created during numerous open source intelligence (OSINT) assignments.
The service also tests how well-prepared employees are to thwart targeted attacks.
“Training is a great first line of defence. In spite of all the layers of technology that organizations implement to protect their systems and data, the majority of breaches can be traced back to a person who clicked on a link, unlocked a security gate to a stranger, or gave away company secrets over the phone or social media.
“Social engineering is still a powerful weapon in the wrong hands, particularly in the UK, where we’re too polite for our own security,” says Benson.