Red Siege: Understanding Vulnerabilities in a Business Context
Tim Medin, Founder & Principal Consultant
In the corporate landscape, securing data is of paramount importance since a single breach can result in massive loss of reputation and money. Organizations’ security and risk management leaders address this uphill task of protecting their companies from data breaches by hiring IT experts and introducing more stringent data regulations. However, in spite of such strenuous efforts, the volume of cyber attacks keeps rising while enterprises fail to completely quantify the risks associated with their business. To mitigate such challenges, Red Siege, an information security consulting company, assists organizations in identifying vulnerabilities and adding context to the vulnerabilities. Red Siege works with its clients to understand what data and processes are important to them. Security should always be framed around business needs and risks. “We work to understand what data or process, if stolen or damaged, would cause the greatest impact to the organization; we then frame the vulnerabilities in this context,” said Tim Medin, founder and principal consultant with Red Siege.
For businesses that regularly perform penetration testing, Red Siege goes a step further by conducting red team testing, which tests the human defenders’ ability to detect or stop a breach once an intruder gains access. The firm recognizes its clients’ workflow and identifies associated vulnerabilities to present them in the context of the clients’ needs. Red Siege strives to simulate real-world threat actors. The company’s team penetrates an organization’s systems just as a real attacker would. After gaining access, they identify key targets and use the latest tools and techniques to avoid detection and determine vulnerabilities.
We try to understand the context of business processes and sensitive data of the clients to make them aware of the risks to which the business is exposed.
Red Siege strives to understand their clients’ processes and risks, allowing the team to frame vulnerabilities in contexts relevant to each specific client. “We empower organizations to validate resolution of their vulnerabilities themselves. We provide guidance to ensure they can resolve the issues without needing additional support from us,” said Mike Saunders, a principal consultant with Red Siege. The firm prides itself on elegant, high-quality reports that can be used by both management and the technical professionals tasked with resolving vulnerabilities.
Red Siege is making great strides in the enterprise security sector, which can be best illustrated by many client success stories. One organization used Red Siege’s services to present better information about its security posture to its new CEO. Red Siege reviewed the client’s policies and procedures and examined the client’s challenges related to operational security. Consequently, Red Siege performed a review of the client’s policies and procedures as well as two different types of penetration tests—a perimeter penetration test and an assumed breach test—to provide rich information to the executives.
Despite being a new player in the global market, Red Siege is gaining traction through its collaboration with various clients. “We would like to double the company’s size and continue to support growth and focus on what we are good at,” said Tim Medin. With the changing security landscape, the firm is optimistic about the growth and adoption of red team testing, as penetration testing might not be as effective as it once was. Red Siege’s team of renowned experts will further work toward identifying and preventing increasingly sophisticated cyber attacks.