Red team engagements identify vulnerabilities within processes such as misconfigurations with log aggregation and AV/EDR configurations.
This type of assessment includes logging and categorizing specific tactics, techniques, and procedures (TTPs) used in the test, providing your team with valuable data in their continued work.
To execute a red team engagement, our team will employ various methodologies (outlined below) as well as cutting-edge techniques to simulate the same type of breach attacks that a real-world attacker might use.
These will be reproducible processes to ensure that the results are consistent and can be repeated for security operations center analysis. To enhance repeatability, we will leverage the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques for exploitation activities.
Schellman does perform red team assessments—our Penetration Testing Team continues to grow and is currently comprised of individuals from different backgrounds including former developers, system administrators, and lifelong security professionals. Our team is incredibly experienced, and collectively holds the following professional certifications, among others
The engagement time is longer than a standard penetration test.
The duration is influenced by factors such as the size of your organization, the number of systems and networks that need testing, and the type of testing being conducted.
Payloads and exploit code will be customized and designed to bypass the specific anti-virus (AV) or endpoint detection and response (EDR) solution you have in place. This takes time to do correctly. During a pen test, by contrast, any payload would be allowed to bypass the technical controls in place due to time constraints.
You can expect to pay no less than $60,000 for a red team assessment, though your final price will vary based on the size of your organization and the number of different goals selected.
A penetration test is performed by allowing testers into your environment with the goal being to identify and exploit vulnerabilities, whereas a red team assessment is performed with no “assumed” access and with a targeted goal of reaching high-value targets or systems such as executive workstations, code repositories, or financial information.
Red teaming and penetration testing also vary primarily in depth and scope. If you're already performing penetration tests and want to know how your people, network, and applications will withstand an unannounced attack, it may be worth it to invest in a red team assessment as well.
Typically, reaching the “crown jewels” of an organization is the end goal or target for a red team assessment—this could mean proprietary information about products or source code, business plans, release timelines, or personally identifiable information (PII) about employees or customers.
We’ll test your ability to detect and respond to a threat attempting to exfiltrate any of the above. By assessing how effective they are during incident response, this also helps you develop a deep understanding of the technical and administrative process controls that protect your organization.
Ultimately, any organization that wants to improve its security posture and discover vulnerabilities that only a third-party assessor can identify will gain from a red team engagement, but if you fall into one of the following categories, you could particularly benefit: