THE VALUE OF RED TEAMING
Many organizations conduct ‘red team’ cybersecurity exercises where consultants take on the role of attackers attempting to infiltrate the network. Palantir Technologies did just that late last year — we know because the report showing the ‘attackers’ gained complete administrative control of the network was leaked to BuzzFeed News.
In some ways, red team exercises can seem a waste of time and money. First (spoiler alert!), the attackers almost always win. If they don’t, it is because the engagement wasn’t long enough or the scope was overly restricted. Real attackers face neither of those limitations. Second, security teams can plug some of the security holes identified (patches often exist and have simply not been applied), but other issues, such as employees being phished for credentials, cannot be fixed. Finally, how can organizations be certain that real threat actors will deploy the same techniques? Are the right holes fixed?
The real value in red team exercises comes from involving the in-house security team. Demonstrating the techniques used to compromise the network shows the ways in which threat actors operate and, importantly, helps analysts find the traces attackers inevitably leave behind. Sharing this knowledge makes the exercise a positive experience rather than leaving network defenders feeling inadequate. Educating analysts and raising awareness of hacker tradecraft should be the aim; otherwise, your network is being used as a playground for consultant hackers.
**This article was originally published as part of the Dow Jones Cybersecurity Newsletter, a weekly digest of news with commentary and analysis.**