How does Red Teaming differ from a Penetration Test?

How does Red Teaming differ from a Penetration Test?

Jan 14, 2020

JUMPSEC Jargon Buster - Nikoo explains how Red Teaming differs from a Penetration Test.
There are a number of ways that a red teaming exercise differentiate from a pen test.
Firstly, the scope of standard penetration test is usually clearly defined with the goal to identify as many vulnerabilities as possible and attempt to exploit them on the stated targets during the engagement. Proper red teaming on the other hand typically has a wider or more general scope, and any targets relating to the company can be targeted. Red teaming is conducted as an advanced simulation exercise, designed to mimic real-world attacker-defender engagements with the goal of assessing the monitoring and defending capabilities of a blue team.
Secondly, the approach is different in terms of execution. Due to the short time window, a typical pen test relies on automation to enumerate information in order to save time for manual exploitation. This would generate a large amount of traffic noise. Whereas a red teaming exercise employs more advanced techniques to simulate an Advanced Persistent Threat attack. This requires significant planning, intelligence gathering, social engineering and detection avoidance to carry out a sophisticated red teaming attack.