“Breach and Attack Simulation” (BAS). Beyond the Red Team


It is now widely accepted by many organizations that defenses are tested by attacks. For many years now, Red Team exercises have been an essential element in evaluating and improving the security of state-of-the-art IT infrastructures. In these exercises, one or more hackers simulate the behavior of an attacker and, over a set period of time, test both the security of a set of assets or users and the defensive capabilities of the organization’s security operations center (SOC), whose members must not know that the exercise is taking place.

The results obtained are reflected in a report containing one or more attack narratives and information on the weaknesses identified. This report is then used by the organization to improve security, minimizing the impact of future real attacks.

Red Team exercises are an excellent resource, not only for improving the organization’s defenses, but also for SOC personnel to face a realistic attack situation from which to learn, with the added benefit of being able to sit down with the attackers and discuss the play afterwards.
