Red Team Metrics

Red Team Metrics helps red teams consider customers’ core questions, identify relevant target metrics, analyze risk in adversary attack scenarios, assess outcomes, and communicate the risk issues and business impacts to the sponsor.

Red teaming (authorized, adversary-based assessment for defensive purposes) is a flexible tool that program managers and sponsors use to identify critical vulnerabilities; understand threat; deliver effective and secure components, systems, and plans; and consider alternative strategies and courses of action.

Because red teaming is applied in multiple problem domains and for different reasons, effective red teaming methods must be flexible and support customization. Red Team Metrics is one of several Sandia methods available to help customers achieve better results with red teaming.

The Red Team Metrics Process

Step one

The RED TEAM LEAD considers the customer’s core business questions, the types of red teaming involved, and types of relevant metrics to identify the set of targeted metrics needed for the assessment.

Step two

The RED TEAM applies the targeted metrics to their assessment process. The metrics inform the process by helping guide the assessment’s data collection, characterization, and analysis phases.

Step three

Risk is analyzed by the RED TEAM, based in part on the metrics identified and the data collected relative to them. The team analyzes the risk of various attack scenarios of one or more modeled adversaries.

Step four

Risk associated with various outcomes is assessed by the RED TEAM; a report is produced that communicates risk issues, supporting greater CUSTOMER understanding of business impacts.

Who Should Attend?

Red Team Metrics introduces a pragmatic approach to using assessment metrics and will be helpful to program managers whose work must fulfill its mission in the presence of goal-directed, adaptive adversaries. The training course will greatly benefit red teams, especially project leads, whose assessments must deliver understandable and defensible results.

Prior experience with red teaming and/or red teaming methods and processes is assumed and highly beneficial.

Why Red Team Metrics?

Of the little published work on red teaming, most addresses how to perform adversary-based assessments: the knowledge and skills a red team would need.

In Sandia’s red team experience, many of the biggest obstacles to successful assessments have more to do with why the assessment is needed, what the red team must deliver, who performs the assessment, and how the deliverables will be used to satisfy the assessment goals.

Sandia developed the Red Team Metrics concepts, methods, and materials to better equip red teams to deliver high-confidence analyses and communication products that effectively identify issues from the perspective of their sponsors or program managers who use adversary-based assessments.

The course introduces six classes of metrics that support red teaming: consequence, vulnerability, protection, adversary, attack, and threat-based metrics.
