
How to protect cyber red teams from blowing their cover.

By Tom Badders •  June 17, 2020

Organizations employ red teams to stress-test the security of their IT systems and of the people who use and manage them. The red team may be an internal unit or consultants engaged from outside. In either case, the team takes on the persona of an adversary whose mission is to find, exploit, and report on vulnerabilities in systems and people under realistic hostile conditions.

The members of the red team use a portfolio of specialized tools and techniques to test, probe, and penetrate the perimeter. Operating covertly, they break in and then move laterally through the organization's networks to find and exploit the resources at risk.

Conducting these sensitive missions requires team members to hide their activity, mask their identities, and misattribute their location. For example, they might build an operating environment that presents them as an ordinary web user in a completely different geographic region.

Once inside the network, the team makes every effort to stay under cover and blend into the background of the network's normal routine operations. They do not want to reveal their presence or identity at any point during the exercise. Succeeding requires meticulous planning and careful preparation.

The problem is how easily teams give themselves away despite their best efforts. Overlooking a single element of their preparation can leave digital footprints that reveal their location and even their identity, both to the organization that hired them and to real adversaries on the internet.
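One way to catch that single overlooked element before an operation starts is a preflight check that compares what the cover story claims with what the egress environment actually exposes. The script below is an added example and is not code from the original post or from Telos Ghost; the persona fields, the observed attributes, and the sample values are all assumptions constructed for illustration. It flags the classic slips: a tunnelled exit address in the right country while the operator's browser still reports its home time zone and language, DNS queries that resolve outside the persona's region, or a WebRTC ICE candidate that exposes a real LAN address.

```python
"""Preflight consistency check for a managed-attribution persona.

Added example, not Telos code. Assumes a persona is described by a country,
an IANA time zone and a browser language, and that the operator can capture
what the egress environment exposes (exit-IP geolocation, DNS leak test,
fingerprinting page loaded in the persona's browser).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Persona:
    """What the cover story claims. Field names are this example's own."""
    country: str    # ISO 3166-1 alpha-2 code the persona is supposed to be in
    timezone: str   # IANA zone the persona's browser should report
    language: str   # primary language tag the persona's browser should send


@dataclass(frozen=True)
class Egress:
    """What an outside observer can actually see from the egress environment.
    Here the values are supplied directly; in practice they come from a
    geolocation lookup, a DNS leak test and a fingerprinting page."""
    exit_ip_country: str
    dns_resolver_country: str
    browser_timezone: str
    accept_language: str           # raw header, e.g. "en-US,en;q=0.9"
    webrtc_candidates: tuple = ()  # host/srflx addresses leaked via WebRTC ICE


def primary_language(accept_language: str) -> str:
    """Return the first tag of an Accept-Language header with q-values stripped."""
    first = accept_language.split(",")[0]
    return first.split(";")[0].strip()


def persona_findings(persona: Persona, seen: Egress) -> list:
    """Return one finding per observable attribute that contradicts the persona.
    An empty list means every checked attribute is consistent with the cover story."""
    findings = []
    if seen.exit_ip_country.upper() != persona.country.upper():
        findings.append(
            f"exit IP geolocates to {seen.exit_ip_country}, persona claims {persona.country}")
    if seen.dns_resolver_country.upper() != persona.country.upper():
        findings.append(
            f"DNS resolves via {seen.dns_resolver_country}: queries bypass the persona's egress")
    if seen.browser_timezone != persona.timezone:
        findings.append(
            f"browser reports {seen.browser_timezone}, persona expects {persona.timezone}")
    if primary_language(seen.accept_language).lower() != persona.language.lower():
        findings.append(
            f"Accept-Language leads with {primary_language(seen.accept_language)}, "
            f"persona speaks {persona.language}")
    if seen.webrtc_candidates:
        findings.append(
            f"WebRTC exposes {', '.join(seen.webrtc_candidates)}: "
            "a real host or LAN address leaks past the tunnel")
    return findings


def persona_is_clean(persona: Persona, seen: Egress) -> bool:
    """True only when no checked attribute contradicts the persona."""
    return not persona_findings(persona, seen)


# Constructed sample: a persona meant to look like a German home user.
GERMAN_USER = Persona(country="DE", timezone="Europe/Berlin", language="de-DE")

# Constructed observation: the tunnel exits in Germany and DNS is fine, but the
# operator's real workstation still reports its own time zone and language,
# and WebRTC hands out a LAN address. Three separate tells.
SLOPPY_EGRESS = Egress(
    exit_ip_country="DE",
    dns_resolver_country="DE",
    browser_timezone="America/New_York",
    accept_language="en-US,en;q=0.9",
    webrtc_candidates=("192.168.1.23",),
)

# Constructed observation after the environment was rebuilt to match the persona.
CLEAN_EGRESS = Egress(
    exit_ip_country="DE",
    dns_resolver_country="DE",
    browser_timezone="Europe/Berlin",
    accept_language="de-DE,de;q=0.9,en;q=0.5",
)

if __name__ == "__main__":
    for label, egress in (("sloppy", SLOPPY_EGRESS), ("clean", CLEAN_EGRESS)):
        print(f"[{label}] clean={persona_is_clean(GERMAN_USER, egress)}")
        for finding in persona_findings(GERMAN_USER, egress):
            print("  -", finding)
```

The point of returning findings rather than a single pass/fail is that each line names the exact attribute that would betray the operator; the sloppy profile above passes the two checks most teams think of first (exit IP and DNS) and still fails on three others. Extending the check is a matter of adding an observed attribute and the comparison that the cover story implies for it.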

Such a failure spoils the entire exercise: it wastes months of planning and preparation, burns the effectiveness of a team member or the whole team, and exposes them to risk from genuine cyber adversaries.

A relatively new solution to this challenge is the virtual obfuscation network, a secure cloud-based network environment that lets team members operate on what amounts to their own private internet, so they can approach and probe the target network without being detected or attributed.

Telos Ghost is one of the leading offerings in this category. It uses multiple layers of encryption and dynamic IP routing to mask the operator's movements, and its managed attribution capabilities let the team disguise their presence and maintain a convincing digital persona or "cover story" as they work. In minutes, the team can spin up a pristine network that has never existed before; when the mission is over, they can tear it down and slip away without ever having revealed themselves.

There is more to the story of how Telos Ghost can protect red teams, penetration testers, and other cyber researchers on their clandestine missions. You can learn more from our new application note on protecting red teams, and, for a deeper dive, see our on-demand webinar, "Digital Disguises for Cyber Operations."

Tom Badders is a Senior Product Manager at Telos Corporation.
