• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Security  /  What is a Red Team Assessment and why does RBI endorse it?
red-team-assessment
25 September 2018

What is a Red Team Assessment and why does RBI endorse it?

Written by Seqrite
Seqrite
Security
  • 8
    Shares
1
Estimated reading time: 3 minutes

When it comes to cybersecurity for enterprises, one sector that finds itself at a lot of risk is the banking sector. Banks conduct financial transactions which can be worth millions in value every single day which mean they present a very alluring target for a cyberattack. The frequency of these attacks on banks is only increasing and it is vital that banks recognize the risks in the environment in which they operate in. One potential solution is running Red Team Assessments.

Red Team Assessment is basically a mock trial of how well your people, processes, and technology are prepared to handle real-world cyber-attacks. In a red team exercise, highly trained security consultants attempt to breach the security of the organization to expose potential physical, hardware, software and human vulnerabilities.

Importance of Red Team Assessment

A comprehensive Red Team exercise will expose vulnerabilities and risks regarding

  • Networks, applications, switches, mobile devices
  • Social engineering (onsite, telephone, email/text, chat)
  • Physical attacks (pen-drive bypass, camera evasion, alarm bypass, Wi-Fi attack etc.)

The purpose of red team assessment is to identify how real-world attackers can exploit major or even seemingly minor loopholes to breach your IT security. It is an effective way to showcase that deploying the most robust firewall would mean nothing if an attacker can tailgate his way to your data center and walk away with an unencrypted hard drive with critical business information.

These simulated attacks are conducted using highly advanced techniques to test systems for vulnerabilities and exploitable configuration errors. Unlike conventional attacks where a hacker only needs to find a single vulnerability, these Red Team attacks are comprehensive and can uncover all the issues in your cybersecurity defence, which can then be addressed immediately.

By simulating a false-flag attack, an organization can actually get a fresh perspective of their defences. While those who work within the organization may have a more structured and defined idea about their security measures, a malicious hacker may approach the task with a completely different point of view. By conducting a Red Team attack, a fresh set of eyes can analyze an organization’s defences and potentially flag vulnerabilities, which may have not been spotted earlier.

What does the RBI say?

In fact, even the Reserve Bank of India (RBI), India’s central banking institution, has endorsed the use of Red Team Assessments. In RBI’s circular on June 2016, the institution called for a cyber security framework in banks and laid down a list of advisories to take. Under the Vulnerability Assessment and Penetration Test and Red Team Exercises, this is what the RBI advised:

  • 1 Periodically conduct vulnerability assessment and penetration testing exercises for all the critical systems, particularly those facing the internet.
  • 2 The vulnerabilities detected are to be remedied promptly in terms of the bank’s risk management/treatment framework so as to avoid exploitation of such vulnerabilities.
  • 3 Penetration testing of public facing systems as well as other critical applications are to be carried out by professionally qualified teams.
  • 4 Findings of VA/PT and the follow up actions necessitated are to be monitored closely by the Information Security/Information Technology Audit team as well as Senior/Top Management.
  • 5 Red Teams may be used to identify the vulnerabilities and the business risk, assess the efficacy of the defences and check the mitigating controls already in place by simulating the objectives and actions of an attacker.
  • 6 Periodically and actively participate in cyber drills conducted under the aegis of Cert-IN, IDRBT etc

Organizations can consider Seqrite Services for proactively protecting their IT assets and to respond against cybersecurity threats. Apart from cybersecurity, governance & risk assessments, Cyber Threat Intelligence, Cyber Incident Response, Seqrite Services also offers Red Team Audit which includes Readiness Assessments, Red Team Assessments and War Games.

As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more

 Previous PostThe Big Question – Internet of Things or Internet of Threat...
Next Post  Emerging trend of spreading malware through IQY files
Seqrite
About Seqrite

Follow us for the latest updates and insights related to security for enterprise networks. Subscribe to our newsletter to stay...

Articles by Seqrite »

Related Posts

  • Is your Router exposed to cyber threats

    Is your router exposed to cyber threats? Here is how to safeguard it.

    July 30, 2020
  • Snake ransomware stings to spread its venom in the veins of enterprise networks.

    Snake Ransomware brings impending doom to enterprise networks

    July 10, 2020
  • APT harbingers are using Honey Traps to attack Indian Defence.

    Operation ‘Honey Trap’: APT36 Targets Defence Organizations in India

    July 8, 2020

1 Comment

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

  1. Sunidhi Singh Reply to Sunidhi to Sunidhi Singh'> Reply to Sunidhi
    October 2, 2018 at 7:52 PM

    Thanks for sharing the descriptive information on Cyber Security.It’s really helpful to me since I’m taking Cyber Security Training. Keep doing the good work.

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.