Safeguarding Business Growth: A Successful Red Teaming Story

An exciting conversation about Red Teaming with Aggelos Karonis, Head of Technology, Information Security at Kaizen.

The Challenges

“Kaizen’s DNA revolves around continuous progress, which requires a stable base to build on. As Kaizen experiences rapid growth, we sometimes prioritize speed over security, making some assumptions. The truth is, when you rely mainly on assumptions about your organization’s security, it leaves you with a sense of uncertainty. You need to challenge and evaluate them to make sure you’re on the right security track. Additionally, we wanted to evaluate the effectiveness of the new security measures we had introduced with the engineering team and create a roadmap based on the results. Moreover, armed with the tangible evidence of security gaps and potential breaches uncovered by a Red Teaming exercise, we aimed to gain commitment from Top Management, secure budget allocation and obtain the necessary support.”

The Solution

“While periodic checks provide some level of assurance, bringing in different external partners occasionally to assess your infrastructure adds an extra layer of confidence; that’s why we rotate partners. In this case, we chose a Red Teaming exercise by the Hackcraft Red Team to bring to light gaps that go beyond the usual shortcomings such as policy gaps, by simulating real-world scenarios. With a strong reputation, a solid track record, deep expertise and established cooperation with many other organizations, this team is the one we wanted to collaborate with to provide us with a fresh perspective on our infrastructure.

Hackcraft experts’ immense enthusiasm for the project was exceptional: always ready to take advantage of all existing opportunities, agile towards any changes and prepared with backup plans to carry out alternative scenarios and attack paths. Their commitment to achieving goals that aligned seamlessly with ours was evident. Notably, each team member exhibited an ingrained attacker mindset, thinking from the perspective of the individual who may threaten our organization.

Moreover, the established relationship before the Red Teaming exercise started sets the Hackcraft Red Team apart. Thorough preparations, guidance on setting realistic goals and continuous communication during the exercise were instrumental. As an organization that provides 24/7 services, Kaizen prioritizes that our customers’ experience is never compromised. Therefore, I deeply appreciate the team’s practice of informing me before taking any action. This enabled me to maintain control throughout the exercise. In addition, it provided me with assurance that no mistakes, which could affect the quality of our services, would be made. Overall, it was an exceedingly positive experience for me.

Additionally, the detailed reporting we received after the Red Teaming exercise was outstanding. The report met the high standards we expect from top international groups. The technical superiority and expertise of the team also brought to light findings that we might have otherwise missed. The adept handling and finesse of the presentation process, coupled with the team’s ability to tailor their approach in order to cater to the specific requirements of both executive and technical teams, were noteworthy. They also expertly handled challenging questions, demonstrating thorough preparation. Collaborating with Hackcraft experts was a game-changer for me and exceeded my expectations, providing the assurance I had been seeking.”

The Results

“Regarding the results, I’d like to highlight some important findings from this Red Teaming exercise. First, it’s essential to regularly revisit, rethink and review the assumptions we make to drive each organization forward. We can’t afford to let old assumptions persist without re-evaluating their validity and considering any necessary adjustments or additional controls. Second, it’s not sufficient to just have the best security solution or product. Proper configuration is crucial to ensure its effectiveness. Without it, even top-notch products will have a minimal impact on your organization’s security.

Two significant things have changed for us after Hackcraft Red Teaming. First, there has been a noticeable shift in our people’s mindset towards security, especially among those who are new. We’re making the most of it, leveraging opportunities, like Cyber Security Awareness Month in October, to incorporate insights from Hackcraft Red Teaming into our training sessions. The second change is that our technical teams have gained a deeper understanding of the impact of their actions on security. It’s been particularly eye-opening for those involved in infrastructure setup who previously may not have had the blue teaming mindset to harden this setup. Overall, we identified valuable opportunities for improvement within our security plan, underscoring the imperative to comprehensively review our well-established procedures, policies and exceptions, as well as to reevaluate some decisions made based on assumptions.”

About Red Teaming

“In all my discussions about Hackcraft Red Teaming, I always highlight the same point: Utilize these services and expertise to make your organization aware of potential threats. At various security conferences, I always point out that it’s not a matter of “if an incident will occur” but rather “when”. Therefore, it’s crucial to be prepared, have countermeasures and strive to delay potential threats. It’s important to remember that security professionals may hesitate to conduct large-scale exercises to identify weaknesses within an organization due to fear of exposure. This fear could lead them to downplay or embellish the findings. But here’s the thing: if we’re not honest about our findings during these exercises, we’re only setting ourselves up for trouble in the event of an actual incident. The consequences of a fundamental security breach won’t be sugar-coated, so it’s essential to confront the truth, no matter how uncomfortable. Even if it’s not a full Red Teaming engagement, any offensive security exercise that challenges their way of operating is essential. That’s why I firmly believe every organization should conduct Red Teaming exercises to the extent permitted by their capabilities and guided by their risk assessments, regardless of size or perceived risk tolerance. Hackcraft Red Teaming is the most holistic service an organization can receive.”