Red Team Assessment

See how your people, processes, and technology stand up against an adversary who is committed to compromising your environment through any means necessary over a prolonged period of time.
Are you ready fora Red Team Assessment?

Ready for a Red Team Assessment?

If you’re wondering “Is it possible for an attacker to [insert threat here],” a red team assessment will give you the answer. While a purple team engagement is used to evaluate and bolster your blue team, a red team engagement is the final exam for your blue team. Organizations that are ready for a red team assessment have an established blue team and experience with penetration tests as well as phishing, vishing, wireless, and physical testing. Your defenses are ready for the ultimate test.

Our Approach

This engagement is executed against your entire attack surface. Our team (the red team) conducts reconnaissance, builds attack plans, and executes multi-vector attacks to achieve the established objective. This is a covert test, unknown to your team. 

Phase 1

Our team gathers open-source intelligence (OSINT) to identify a list of targets, including domains, networks, and websites. They review job postings, social media, blogs, public documents, and observe your physical locations and wireless networks.

  • Rules of engagement
  • Recon work
  • List of targets

Phase 2

The red team plans its attacks based on the established assessment objectives and the intel gathered during reconnaissance. Attack plans are provided to client leadership (the white team) before execution. Once approved, attacks are executed.

  • Selected targets
  • Attack plans
  • Attack execution

Phase 3

Once our team gains a foothold within your environment, they begin maneuvering toward the objectives. They leverage your tools and silently target and exploit systems as they advance toward the objective, making every effort to go undetected by your team. Once they achieve the objective, the assessment ends.

  • Environment compromise
  • System exploitation
  • Objective achieved

Phase 4

Our team delivers a detailed report to the white team that includes all attack plans, activities, and observations. It also provides a statement on the overall security posture of your organization and suggested remediation efforts.

  • Engagement observations
  • Statement on security posture
  • Remediation recommendations

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

Tailored Objectives

We focus on the specific areas you want to evaluate and build objectives that put your defenses in these areas to the test. Our assessments are tailored to your unique needs.

Real-world Scenarios

We want to focus on the risks your company is actually facing. If you have a known threat actor posing a risk to your organization, we will build attack strategies that imitate this threat.

Wide Experience

Our team is skilled in all types of tests. Using this expertise, we link weaknesses together from across an entire attack surface to demonstrate tactics of a dedicated attacker.