Red Team Assessments

Test your ability to protect your most critical assets

Organizations can greatly improve their security posture by rethinking their approach from an attacker perspective—considering the relentless tactics attackers might use to gain access to your critical assets (data, people and systems). Mandiant helps organizations achieve this with two unique services designed to assess the strength of your security program: Red Team Assessments and Red Team for Security Operations.

Red Teaming Service Overview


Red Team Assessments focus on giving your security team practical experience combatting real cyber attacks. While avoiding business damaging tactics, these assessments use conventional and advanced attacker TTPs to target agreed-upon objectives. You define the attack objectives — usually worst-case business scenarios — and the Mandiant red team goes to work. The Mandiant red team goes through full attack lifecycle, from initial reconnaissance to mission completion. We offer two types of assessments: Red Team Operations and Red Team for Security Operations.

Red Team Operations test your internal security staff’s ability to safeguard critical assets. Using experience from the front lines of cyber attacks, our experts simulate the tactics, techniques and procedures of real world targeted attack, without the negative consequences.

Red Team for Security Operations, also known as a Purple Team, simulate targeted attack across each phase of the attack lifecycle – with the ability to simulate multiple attackers at each phase. A Mandiant incident responder works side by side with your internal security team as they work to detect and respond to the red team, providing coaching and evaluating your response (people, process and tools used) at every step.

Red Team Operations is ideal for organizations who want to test their ability to protect critical assets from targeted attack.

Red Team for Security Operations is ideal for organizations who want to coach their security teams to improve detection and response capabilities to targeted attack.

Comparing the two services

  Red Team Operations Red Team for Security Operations
Objective Test ability to protect key assets, such as executive email and customer data against targeted attack Evaluate detection, prevention and response capabilities
How it works Emulate real-world targeted attack, doing whatever is necessary to accomplish the goal Mandiant incident responder works with your security team, coaching along the way
Customer security team involvement Respond to targeted attack. Option for security team to know they are in exercise Respond to attack scenarios with Mandiant incident responder observing and coaching
  View Datasheet View Datasheet

Red Team Assessments can help you:

  • Get experience dealing with a real-world breach attempt (Red Teaming for Security Operations)
  • Determine the level of effort required to compromise your sensitive data
  • Reduce the time it takes for you to respond to events and incidents
  • Assess your security posture against a realistic, ‘no-holds-barred’ attack
  • Enhance your security team’s ability to prevent, detect and respond to real-world incidents
  • Identify and mitigate complex security vulnerabilities before an attacker exploits them
  • Get fact-based risk analyses and recommendations for improvement

What you get

  • A high-level summary for executive and senior level management with technical details that include enough information to recreate our findings
  • Fact-based risk analysis so you know a critical finding is relevant to your specific environment
  • Tactical recommendations for immediate improvement
  • Strategic recommendations for longer-term improvement

Related resources

Our approach

The Mandiant Red Team relies on a systematic, repeatable and reproducible methodology. We begin by establishing the following core information and rules of engagement, agreed upon in collaboration with the organization’s leadership team:

  • Does the red team begin its effort with information about your environment (white box) or with no information at all (black box)?
  • What intelligence does Mandiant already have about high-risk assets and vulnerabilities in your industry?
  • What objectives do you want the red team to accomplish in simulating a real-world attack?

Red Team Operations

After identifying objectives, the red team attempts to breach your environment, maintain persistence, escalate privileges, obtain access to key systems, generate fake data that emulates sensitive production data and simulate data theft. These assessments focus on non-disruptive, non-damaging tactics to achieve their objectives—as real attackers try their best not to disrupt their target’s operations because people ask questions when services go down.

Red Team for Security Operations

Red Team for Security Operations builds on Red Team Operations, using a step-by-step scenario-based exercise to test detect, prevent and respond capabilities at each phase of the attack lifecycle.

Mandiant Attack Lifecycle


We believe the Red Team for Security Operations service is the best way to assess the effectiveness of your security controls and ability to prevent, detect and respond to malicious activity where it matters most.