A successful defensive posture requires a comprehensive program of effective policies and governance, strong technical defences, and appropriate action by people. In a complex environment where technology is continuously evolving, and new attacker tradecraft appears regularly, organizations should periodically test their defences to identify gaps and to assess their readiness by conducting penetration testing.

Red Team exercises take a comprehensive approach at the full spectrum of organization policies, processes, and defences to improve organizational readiness, improve training for defensive practitioners, and inspect current performance levels. Independent Red Teams can provide valuable and objective insights about the existence of vulnerabilities and the efficacy of defences and mitigating controls already in place and even of those planned for future implementation.