Red Teaming is a goal-based adversarial testing process. It simulates an attack on your organization to measure how well your people, processes, and technologies can withstand a real-life attack situation.

We seek to compromise your organization’s most valued assets with a combination of (but not limited to) application and network penetration testing, role-based social engineering and client-side attacks.

Our holistic approach closely embodies the thought process of today’s adversaries when targeting an organization. We start with reconnaissance and, just as a sophisticated attacker would, explore all aspects of your security posture, including physical and network infrastructure, application security, business processes and human behavior. ­

As vulnerabilities are identified in a specific domain, we leverage a composite attack process that chains together seemingly separate or cross-domain vulnerabilities for a complete view of your risk. By encompassing a broad scope, it is possible to leverage the trust relationships between systems, devices, resources, people, and applications to compromise higher value assets.

Live-fire exercises mirror potential actions of a real-life adversary

Our red team attempts to gain access to your valuable assets, using a myriad of attack paths, such as:

• “Tailgating” or posing as employees or contractors to gain access to a physical workplace.
• Penetrating your network and applications to access and extract sensitive data.
• Phishing attempts using email, IM, and social media to gain employee trust.

Goal-based strategy demonstrates business impact

Vantage Point's Red Team goes beyond vulnerability discovery to show how threat agents could achieve their goals such as stealing data, siphoning funds, or otherwise causing harm to your business. This is done by leveraging vulnerabilities together in a composite attack just as real-world attackers do.

After a Red Teaming exercise, you’ll have a better understanding of your organization’s security posture as it relates to specific threat actors attacking a set of defined assets, and you’ll know where to focus your efforts for improvement.