• info@securelayer7.net


Red Team Assessments focus on giving your security team practical experience combatting real cyber attacks. While avoiding business damaging tactics, these assessments use conventional and advanced attacker TTPs to target agreed-upon objectives. You define the attack objectives — usually worst-case business scenarios — and the Mandiant red team goes to work. The Mandiant red team goes through full attack lifecycle, from initial reconnaissance to mission completion.

Red Team Operations test your internal security staff's ability to safeguard critical assets. Using experience from the front lines of cyber attacks, our experts simulate the tactics, techniques and procedures of real world targeted attack, without the negative consequences.

Red Team for Security Operations, also known as a Purple Team, simulate targeted attack across each phase of the attack lifecycle – with the ability to simulate multiple attackers at each phase. A Mandiant incident responder works side by side with your internal security team as they work to detect and respond to the red team, providing coaching and evaluating your response (people, process and tools used) at every step.

Red Team Operations is ideal for organizations who want to test their ability to protect critical assets from targeted attack.

Red Team for Security Operations is ideal for organizations who want to coach their security teams to improve detection and response capabilities to targeted attack.

Make an Enquiry

Comparing the two services

Red Team Operations Red Team for Security Operations
OBJECTIVE Test ability to protect key assets, such as executive email and customer data against targeted attack Evaluate detect, prevent and respond capabilities
HOW IT WORKS? Emulate real-world targeted attack, doing whatever is necessary to accomplish the goal Mandiant incident responder works with your security team, coaching along the way
Customer security team involvement Respond to targeted attack. Option for security team to know they are in exercise Respond to attack scenarios with Mandiant incident responder observing and coaching
View Datasheet View Datasheet

Red Team Assessments can help you:

Get experience dealing with a real-world breach attempt (Red Teaming for Security Operations)
Determine the level of effort required to compromise your sensitive data
Reduce the time it takes for you to respond to events and incidents
Assess your security posture against a realistic, 'no-holds-barred' attack
Enhance your security team's ability to prevent, detect and respond to real-world incidents
Identify and mitigate complex security vulnerabilities before an attacker exploits them
Get fact-based risk analyses and recommendations for improvement

What you get is

A high-level summary for executive and senior level management with technical details that include enough information to recreate our findings

Fact-based risk analysis so you know a critical finding is relevant to your specific environment

Tactical recommendations for immediate improvement

Strategic recommendations for longer-term improvement

Related resources


Determining a plan of attack


Determining a plan of attack


Rise of Red Team Operations

Our approach

The Mandiant Red Team relies on a systematic, repeatable and reproducible methodology. We begin by establishing the following core information and rules of engagement, agreed upon in collaboration with the organization's leadership team:

Red Team Operations

After identifying objectives, the red team attempts to breach your environment, maintain persistence, escalate privileges, obtain access to key systems, generate fake data that emulates sensitive production data and simulate data theft. These assessments focus on non-disruptive, non-damaging tactics to achieve their objectives—as real attackers try their best not to disrupt their target's operations because people ask questions when services go down.

Red Team for Security Operations

Red Team for Security Operations builds on Red Team Operations, using a step-by-step scenario-based exercise to test detect, prevent and respond capabilities at each phase of the attack lifecycle.

Attack Lifecycle


Sample evaluation of client capabilities