The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team. In 1992, the film Sneakers introduced the term “Red Team” into popular culture as actors Robert Redford, Sydney Poitier, Dan Aykroyd, David Strathairn, and River Phoenix portrayed a team of security experts who hire themselves out to organizations to test their security systems by attempting to hack them. This was a revolutionary concept at the time — the term “penetration test” didn’t even exist yet, and the idea of a friendly security team trying to break through a company’s defenses wasn’t exactly commonplace. Today, penetration testing is an important part of any cybersecurity system, and both internal and external Red Teams play a critical role in that process.
Attivo Networks announced industry validations that Attivo Networks deception effectively fools attackers. Validating deception’s ability to serve as a reliable security control for closing in-network detection gaps, the company has released results of a penetration test conducted by a top computer forensics company that specializes in penetration testing, announced the ThreatInject simulation tool for testing deception resiliency, and is embedding deception into the ISSA International Conference Capture the Flag (CTF) event. By creating an authentic synthetic network based on deception, organizations change the asymmetry on attackers by placing high-interaction traps and lures that efficiently reveal an attacker’s presence.