Physical Security Red Team
Overview of a physical security red team and our own red team known as ESIT (Eclectic Security Infiltration Team)
Many companies spend time and resources focusing on security controls to safeguard their computer networks from cyber threats. Of course this is important but often physical security gets overlooked as a result which can have significant implications. A Physical Security Red Team can help security management realise vulnerabilities and save them money by highlighting the areas where the security budget should concentrate.
Security breaches occur when a vulnerability in a current system is realised by an attacker. This could be an opportunist who acts quickly when presented with the opportunity or it could be planned in advance by more sophisticated attackers.
Any security breach could have a significant impact on a company. Hard assets or intellectual property may be stolen or damaged, personnel could be subject to physical attack. All in all a security breach could have costly implications not just financially but also to a companies reputation.
Physical security infiltration testing – How a red team can be essential to a companies overall security.
Physical security infiltration testing commonly known as penetration testing provides realistic overviews of the effectiveness for current security measures.
Primary objectives of a test include assessing the ability of current physical security measures to prevent infiltration by attackers. It will assess these measures to determine their efficacy and discover any vulnerabilities which could be exploited.
Red Teams are specialists that simulate these attacks. Eclectic Security’s red team is known as ESIT (Eclectic Security Infiltration Team). Each team member is highly trained and experienced in the techniques used by professional attackers to infiltrate secure environments.
ESIT will rigorously test the ability of an organisation’s existing security methods. Our Team will also determine if:
- Alarms, CCTV, locked doors, windows and other access control points can be bypassed using a range of techniques.
- Areas of the facility are approachable without detection. Blind spots with incorrectly installed CCTV is a common security issue at many establishments.
- Security policies are adhered to after the facility has closed for the day. Tests will be carried out at different times to give an accurate picture of the complete physical security system. Staff will be tested, especially any security personnel such as guards. All too often the weakest aspect of security is the human element.
- How long an intruder can wander around a facility before they are questioned on who they are, what they are doing and how they entered the facility..
- How deep into the facility we can penetrate. Whilst in we will determine the possibility of access to secure files or other assets which should be securely locked away.
A bit more about ESIT
ESIT specialise in physically gaining entry into secure areas. We use a range of techniques commonly deployed by seasoned attackers and some less well known methods. All our team have former military backgrounds with a wide range of security skills. Some of these skills are unique but all bring value to an infiltration test. All team members have been fully trained as locksmiths and all specialise in non destructive entry techniques. We have a wide selection of tools, specialist equipment and tricks to use when gaining entry. Our team will also look for areas vulnerable to destructive entry techniques and will highlight them in our final report, however we will not damage property ourselves during a test.
Who we work with
There are many cyber security penetration testing companies who offer a red team service. Some of these companies do have a grasp of basic physical security attack methods but in our experience we have noticed that many are using basic methods. They tend to be focusing on Social engineering to gain entry to a facility rather than physical attack methods. We have also noticed that many cyber pen testers do not like to leave their comfort zone when red teaming. They do not like to be wet, cold or dirty and this can limit the reality and the range of attacks that can be simulated on a facility.
Eclectic Security do not specialise in cyber security, we leave that to the experts in that field however we do work with cyber security pen testers who want to offer a professional physical security penetration test as part of their service. We also work alongside professional Social engineers who specialise in the human factor of security.
By working with companies and individuals who focus on their specialist areas we can offer a complete and truly robust assessment of any organisations complete security system.
Working with ESIT
If you are a Cyber penetration (Pen) tester or social engineer and would like to know more about ESIT or would like to discuss working with us please get in touch. We would be happy to hear from you.