• Back


QOMPLX OSINT Expert Joe Gray Quoted on Red Teaming

Joe Gray, Senior OSINT Specialist at QOMPLX was interviewed by Ericka Chickowski on the role of red team exercises  as part of 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next Level.

The merits and flaws of pen testing are hotly debated. Pen testing is often restricted by equipment and rules of engagement; a pen test may not give the full picture. Red teaming is supposed to fill in those gaps, and provide a comprehensive view of a security situation.

“Organizations with an operational and tuned SOC can use such engagements to help identify flaws in processes and logic as opposed to software and hardware. More advanced techniques such as data exfiltration, establishing command and control (C2), and evading detection are more commonplace in red teaming than in penetration testing. Unlike a penetration test, red team engagements may last weeks or months as opposed to days or a couple of weeks,” says Joe Gray.

Other interviewees spoke on tactical vs. symptomatic issues, the benefits of having long-term red teams, and the interaction between pen testing and red teaming, among other topics.

Read the full article at Security Boulevard.

More News

Card image cap
In response to the ransomware scourge, QOMPLX offers free trial of its powerful attack surface management tool

Published Sep 15, 2021

Card image cap
The Data Analytics Report: Q&A with Alastair Speare-Cole

Published Sep 7, 2021

Card image cap
QOMPLX Reboots Punkspider

Published Jul 20, 2021

Card image cap
BLOOMBERG RADIO Jason Crabtree Interviewed by Paul Sweeney and Matt Miller

Published Jul 14, 2021