Tim Medin, Founder & Principal ConsultantThe complex cybersecurity landscape is in constant flux. Amidst ever-increasing threats and data breaches, creating a defensive strategy is simply not good enough for modern enterprises. In fact, the proliferation of these technologies has opened up a Pandora’s Box of cyber risks, complete with evolving threats. Enterprises need to acquire and adopt better methods of securing data, in order to thwart these cyber attacks—it does not cut it anymore to be a “jack of all trades, and master of none.” Settling for an enterprise security solution provider that does not transcend the old saying is not the wisest decision for any company. Securing data however, is a task that demands experts—professionals who can quantify the risks associated with the business in their entirety. As an information security consulting company, Red Siege focuses on real world threats and helps companies identify vulnerabilities and add context to them. Red Siege’s core competencies include penetration testing and red teaming through which the company performs in-depth analysis, determines business risks, and finds vulnerabilities. “Our focus is on the data and the business processes so as to identify what data we have, where it resides, and where its current access control is. We believe in framing security around business needs and risks in order to bring out vulnerabilities in the context of the business,” asserts Tim Medin, founder and principal consultant with Red Siege.
Evaluating and testing how well an organization would fare in the face of a real attack is not just precautionary, but a necessity in today’s cyber world as attackers are constantly probing for new weaknesses and vulnerabilities in networks. Red Siege offers penetration testing and vulnerability assessments to report on the issues that have a real risk to an organization. The testing includes the vulnerability scans of the in-scope systems where the team experts manually verify issues and exploit them. As Penetration Testing is the commonly used security testing technique for web applications, Red Siege’s team leverages it to perform an in-depth analysis of the web application to find vulnerabilities related to misconfiguration, programming errors, and application architectural issues. The company also performs automated and manual runtime analysis of the application.
We believe in framing security around business needs and risks in order to bring out vulnerabilities in the context of the business
To overcome the limitations of penetration testing and test an organization’s detection and response capabilities, Red Siege conducts red team testing. The company offers Red Team Adversary Simulation, which is a goal-based assessment where the team enacts attack scenarios to reveal potential physical, hardware, software and human vulnerabilities just like a real world adversary. It includes external attacks and targeted phishing to demonstrate the real risk to the data into consideration. After penetrating and gaining access to the organization’s systems like an actual attacker, the team identifies key targets and utilizes the latest tools and techniques to avoid detection and determine vulnerabilities. After the discovery phase, they offer remediation assistance and re-testing. “It’s not only that we discover the vulnerabilities and give remediation, but we also provide ways to validate the fix in the place. The re-test is in our elegant, high-quality reports, which can be used by both management and technical professionals, tasked with resolving vulnerabilities,” explains Medin.
With a team of renowned experts, Red Siege aims to continue working towards uncovering more vulnerabilities in the networks, web applications, and mobile applications to prevent ever-increasing cyber attacks. The company also plans to add more talented members in the team and expand its global market reach into Europe and South America to grow exponentially. “Our biggest differentiator is that we don’t try to do everything, instead we believe in doing one thing and doing it perfectly. We focus exclusively on penetration testing and red teaming, and that’s what our passion is, and that’s what we do best,” states Medin.