Always custom-made

Red teaming keeps everyone on their toes

Cortex is recognized by the Ministry of Justice and Security

Contact Urgent

Detect and remediate vulnerabilities in your company’s security with red teaming

The security of your company may seem to be in order, but is it really? Red teaming is a widely used method to test the existing security measures and protocols within your company. We use various techniques and tactics to gain access to your company both digitally and physically. In this way, a red team tests the response to incidents within your security infrastructure and provides you with information about existing vulnerabilities as well as how to address them.

For whom

We conduct red teaming activities for, for example:

Publicly listed companies
Banks
Insurers
Law firms
Trading houses
Manufacturers and suppliers in the high-tech knowledge industry
Manufacturers and suppliers in the defense industry
Public institutions
Critical infrastructures

The meaning of red teaming

Red teaming is not only about testing vulnerabilities in digital networks. Testing the accessibility of secured areas is also an important part of it. Using various tactics, we gain access without being noticed. For example, by sending a forged email (phishing) that gives us access to digital systems. Or by penetrating even the most highly secured areas with a simply copied access card (tailgating). By regularly conducting red teaming exercises, you can proactively prevent corporate espionage or other types of damage.

Methodical approach

Together with you, we methodically map out the locations and processes that are most critical for your organization. After our planned attack on your digital and physical infrastructure, we inform you about the identified vulnerabilities. Below you will find some examples of the methods we use. Their application depends on your specific situation and is aimed at improving physical security and increasing the alertness of your employees.

Continuous Risk Assessment
We regularly carry out simulated attacks within your organization. These can be attack scenarios that you specifically provide to us, but also actions that we independently and unannounced execute. With our red teaming activities, we not only check the completeness of the existing security protocol, but especially its correct functioning in everyday practice. If we only test a specific part of your security posture, we call this a penetration test or pentest.

OSINT
We use all forms of publicly available information to get an overview of your company and employees. Do we see information that should actually be confidential? Do we find details about how your company premises are laid out? Can we find out online where your cameras are located? We map out all information that could be of interest to malicious parties for you. If desired, we can also expand the analysis to include research in less accessible or even non-public sources.
Phishing
We test your organization’s cyber resilience with malware in a planned cyberattack. The most well-known form, often targeting a large group, is email phishing containing a dangerous link; a (not obviously fake) email address can also be used. More targeted forms are spear phishing and whaling, aimed at a specific group or high-ranking individual. Other options include smishing (SMS phishing), vishing (voice phishing), social media phishing, and clone phishing. Even harder to detect are forms like pharming (placing a fake website in front of your own) and Man-in-the-Middle phishing (a fake WIFI network intercepts communication). The use of these methods does not cause damage to your company, but does lead to renewed alertness among your employees.

Tailgating
Any company that takes security seriously uses the well-known secured gates at the entrance, which open with the company’s own access pass. This feels safe, but is easy to manipulate. For example, by discreetly copying a pass hanging from someone’s belt while waiting in line at Starbucks. Or by convincingly joining a group entering with a pass. Much to our clients’ surprise, it often doesn’t take much effort for our mystery guest to penetrate deep into the secured building during a tailgating test and make direct contact with the network. This information is then used to tighten the security protocol.

Baiting
An apparently simple way to gain access is to leave manipulated items in the right place. For example, a set of keys ‘found’ in the parking garage and handed in at the reception desk. At first glance, it’s not clear who the keys belong to, but there is a USB stick attached, which the receptionist checks to see if it can help identify the owner. The software, now silently installed from the USB stick onto the network, opens digital doors. Our training in recognizing all forms of external manipulation makes your staff—and thus your company—more resistant to attacks from outside.

Crisis Management
You cannot prepare for when and how a crisis will occur, but you can prepare for how you will deal with it. From a process-based approach, we write your crisis management plan and train your crisis management team.

Intelligent Security

This is how we expose vulnerabilities and advise you on customized security measures to prevent recurrence. We therefore look not only at the physical forms of security, but also at the desired human behavior. We call this Intelligent Security.

Experienced team

Your safety at Cortex is in the hands of a large team of experienced specialists who have gained years of experience with many private and public clients, as well as with (specialist) units of the military and police. This includes senior security consultants, close protection officers, surveillance experts, driving instructors, security managers, security coordinators, private investigators, and crisis management experts.

24/7/365

Cortex is a Dutch company and operates 24/7/365 both nationally and internationally for a wide range of clients, varying from wealthy families to executive boards and boards of directors. From medium-sized businesses to multinationals. From ministries to local government agencies. You are most welcome!