Developers: | Rostelecom-Solar (formerly Solar Security, Solar Sekyyuriti) |
System launch date: | 2020/05/20 |
Industries: | Government and social institutions, Financial services, investments and audit, Power |
Technology: | Cybersecurity - Security information and event management (SIEM), IT outsourcing |
2020: Launch of the Red Teaming service
On May 20, 2020, Rostelecom-Solar announced the launch of its Red Teaming service, in which cyber attacks on the customer's infrastructure are simulated and the effectiveness of the protection processes and technologies in use is then analyzed. This format allows the customer not only to check in practice, but also to raise, its level of readiness for complex targeted attacks (APT).
According to Rostelecom-Solar, the work can be carried out either on the customer's existing IT infrastructure or on a test range that replicates it. During Red Teaming, Rostelecom-Solar specialists apply the techniques used by attackers in APT attacks, as well as the company's own practices, created from scratch for the customer's specific objectives.
"Earlier we carried out such work only at the request of key clients. Having studied the demands of the market and having built up our competence in Red Teaming, we are making this service available to a wide range of customers. Unlike classic penetration testing (pentest), which is aimed only at detecting vulnerabilities, the purpose of Red Teaming is to check the readiness of the customer's cybersecurity service for a real cyber attack. The attacking team in this case has more time and is not limited in the means of achieving its goal, which allows it to imitate the actions of an attacker as precisely as possible," noted Alexander Kolesov, head of the security analysis department at Rostelecom-Solar.
The Rostelecom-Solar Red Team works together with analysts of the Solar JSOC cyberthreat monitoring and response center, obtaining from them information on new attack techniques, methods of concealing malicious activity, and effective social engineering techniques. All this allows the Red Team to imitate the actions of real cybercriminal groups as precisely as possible. As a result, customers can check their actual readiness to repel the attacks that are most frequent in their industry. According to Rostelecom-Solar, this is especially important for large organizations (banks, energy industry enterprises, government bodies and others) that are of interest to major hacker groups.
Clients are offered two options for carrying out Red Teaming. The first is a cyberexercises format, in which the attacking team works openly and, at each stage of the attack, studies the response options jointly with the customer's security service. As a result of this work, the customer obtains data on how its security service or monitoring center can counteract particular threat vectors. At the end of the cyberexercises the customer receives a detailed report that helps it make the necessary corrections both to the settings of its protection tools and to its incident detection and response processes.
The second Red Teaming option is carried out in the format of cyber operations, in which the security service does not know about the check and therefore finds itself in conditions as close as possible to reality. This makes it possible to test the ability to respond to and counteract an unknown threat and to reveal "gaps" in the organization's security. Cyberexercises last on average 1-2 months, cyber operations about 3-6 months.
Red Teaming has been added to Rostelecom-Solar's portfolio of "offensive" security services, which as of May 2020 includes security analysis, penetration testing and social engineering services.