- 15 Nov
A red team is a team of cybersecurity professionals who excel in adversarial thinking and are tasked with attacking a company’s assets with one or more particular goals in mind, thereby assessing the company’s security controls, detection, and defensive capabilities. A red team can be external and hired occasionally to do an assessment, or internal and doing assessments on a regular basis.
Having a successful internal red team goes a long way toward protecting customer and employee data, and yet many companies struggle to get the most out of their red teams. A common challenge is transforming the red team’s findings into real-world security improvements. Red teams are often great at finding security flaws and holes in the environment and at documenting and reporting the findings and opportunities for new detection capabilities, only to see most of their suggestions stuck in the ever-growing backlogs of various teams. Some red teams go the extra mile to get the findings fixed themselves, but that is just more time taken away from their core work: executing adversarial simulations. In this talk, I will discuss how we solved this challenge at Google through a dedicated remediation program.