Digital attacks on organizations are taking place on a daily basis. An effective way to be prepared for them is to periodically have a simulated attack performed against your organization. As opposed to regular penetration tests which are focused on a very specific scope, a Red Team exercise helps to obtain a holistic view on the state of security of your organization’s digital infrastructure. Because techniques used by real threat actors are imitated, a Red Team exercise yields actionable results for various teams. As the aim of the exercise is broader than just identifying technical weaknesses, the Red Team can also gradually increase their noise in case they were not noticed by the defending Blue Team so they are trained to deal with them.

Why Orange Teaming

You might be wondering who are involved in such simulated attack. Probably you have heard of the Red Team, Blue Team and Purple Team, however the service states Orange Team! In addition to the Purple Team, the Orange Team adds the Engineering/Green Team in the evaluation of the exercise, increasing the synergy between the various teams and adding overall value to the assignment ¹.

Involving the Engineering/Green Team adds value because they have a deep understanding of how the digital infrastructure is set up, including knowledge on the technologies in use, setup of the network and authorizations to sensitive resources. With this knowledge they are a valuable addition to the discussion on how to improve the digital resilience of your organization, with the additional benefit that the evaluation session also inspires the Engineering/Green Team for the future to adopt the hacker mindset when doing their engineering work. This promotes the security-by-design approach in a very natural way.

Added value

Besides that it is a fun and intellectually challenging exercise, an Orange Team simulation yields a variety of fruits for everyone participating in the Orange Team evaluation session. In this educational session which takes place at the end of the exercise the time is taken to go through the timeline of the attack and discuss every milestone from the different perspectives:

• How the Red Team (attackers) managed to accomplish the milestone identifying an attack path from outside of your organization to the objectives;
• What the Blue Team (i.e. SOC, incident responders) have observed and brainstorm on how monitoring and response could perhaps be improved. During the session, parts of the attack can also be replayed to see which cues can be noticed;
• In what way the Green Team (e.g. administrators, cloud engineers, application developers) can potentially harden the environment and how to embed security by design in the development processes.

Offering

I have experience with the offensive, engineering and incident response side of an attack and throughout my career have performed an array of Red Team exercises in a variety of environments. After such Red Team exercise I have hosted Purple and Orange Team sessions which are always intense, but very educational and fun. As a result, everyone involved picks up their work again with new motivation and interesting insights on how to better attack, monitor and secure your organization’s infrastructures they are working on.

There are a variety of options of how to involve me in your organization:

• Hire me as a one-man Red Team to test the security of your organization and train your internal defense and engineering teams;
• Have me join your internal Red Team to have a fresh pair of eyes look at your digital infrastructure and exchange tips and tricks with the internal Red Team;
• If you are a consulting company providing Red Team services, incorporate me in your team as a white label Red Teamer to provide services to your clients.

If this description sparks your interest to either discuss more about Orange Teaming or to hire my expertise, let’s get in touch!

Reference