Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At a recent Sydney luncheon, Trustwave sat down with a room of senior security leaders to dig into the evolving role of red and purple team testing in a modern technical security assurance program. The discussion was led by Trustwave's Craig Searle, Director of Consulting & Professional Services in Pacific at Trustwave and TJ Acton, Director of SpiderLabs Testing, Pacific. More than 20 Sydney-area security professionals attended the event at Restaurant Huberts.

As the world of cyber continues to change, threats aren’t just becoming more sophisticated, they’re becoming harder to detect. Whether it’s a well-planned attack that slips past your defences, or a known vulnerability in your system, the question is: how do you test your security before an attacker does? Two of the most effective approaches that Bulletproof offers are penetration testing and red teaming, and which one you choose depends on what your business is trying to achieve.

The best way to gauge the current state of an organization’s security posture is often with a blunt lesson, and a Red Team exercise might be the bluntest way to rip off the band-aid to see what security problems exist. That concept is the genesis behind the Trustwave SpiderLabs report Healthcare Sector Deep Dive: Unmasking Security Gaps.

Though 2024 may be behind us, many of the security threats and vulnerabilities that organizations faced last year remain. The CrowdStrike Professional Services Red Team tracks them all in its efforts to defend organizations against adversaries. The three most common exploitation paths we encountered were: In this blog, we break down these three critical exploitation paths, detailing how they occur and what steps organizations can take to mitigate them.

Generative AI is changing industries by making automation, creativity, and decision-making more powerful. But it also comes with security risks. AI models can be tricked into revealing information, generating harmful content, or spreading false data. To keep AI safe and trustworthy, experts use GenAI Red Teaming. This method is a structured way to test AI systems for weaknesses before they cause harm.

Are You Testing for Compliance or Preparing for Real Attacks? Cybersecurity isn’t just about checking boxes—it’s about staying ahead of threats. Many businesses rely on Penetration Testing (Pentesting) and Red Teaming to identify vulnerabilities. However, these traditional methods often assume that attackers play by the same rules as defenders. Reality has other plans.

As organizations race to adopt generative AI (GenAI) to drive efficiency and innovation, they face a new and urgent security challenge. While AI-driven tools and large language models (LLMs) open vast opportunities, they also introduce unique vulnerabilities that adversaries are quick to exploit. From data exposure to supply-chain risks, the potential for threats to AI systems is growing just as fast as the technology itself.

While no-one can predict if and when a cyber attack will take place, a red team exercise is as close as an organization can get to understanding its full level of preparedness. Red team exercises conducted by certified ethical hackers are key to uncovering hidden vulnerabilities and addressing them before they impact a company’s cyber resilience.