Red teaming


Threat intelligence-based ethical red teaming, or TIBER, is a framework for performing threat intelligence-based red teaming exercises. It is meant as a guide on how authorities, entities, threat intelligence providers and red teaming providers should work together to test and improve the cyber resilience of your organization by carrying out a controlled cyberattack. FalconForce is an experienced TIBER red teaming provider and has been involved in the design of the framework since its beginning. We are happy to provide the red and purple teaming parts of a TIBER exercise, or organize the complete TIBER exercise by partnering up with a trusted threat intelligence provider that focuses on the threat intelligence part.

Our approach to TIBER exercises is in line with the TIBER-EU or country-specific TIBER implementation (such as TIBER-NL or TIBER-DK).

In summary, the approach consists of:

  • Threat intelligence (TI): conducting a comprehensive threat intelligence assessment on your organization. Deliverables of this phase are a detailed targeting report and a threat intelligence report. These include suggested attack scenarios and a scenario X (an additional, creative scenario as backup). This part of the exercise is provided by our trusted TI provider, or another TI provider of your choice.
  • Red teaming: at the end of the TI phase, a handover to the FalconForce red team takes place. We take the TI results as input for a thorough red team test plan, detailing the attacker scenarios, targets, learning goals, leg-ups and risks to be taken into account. After extensive discussion of this plan with the white team and its approval, our offensive professionals take the approach of an adversary and perform a realistic cyber attack on your organization to reach pre-defined goals. This comprises executing the attack scenarios, and, where feasible, scenario X. During the red teaming phase, we collaborate very closely with the white team to discuss progress, next steps, risks and opportunities. Results and recommendations are captured in an elaborate red team report. At the end of the red teaming phase, a blue teaming debrief is held to brief the blue team on the results. Moreover, the red team report is discussed with your management, security and IT stakeholders.
  • Purple teaming: we believe that the ultimate objective of a TIBER exercise is to learn and enhance your cyber defensive capability. Therefore, we always facilitate at least one – but preferably two – purple teaming exercises as part of the TIBER exercise.

FalconForce is uniquely positioned to support your TIBER experience since:

  • We have been involved with the TIBER framework since the very beginning. Our team regularly spars with TIBER Cyber Teams (TCT) in various countries about further enhancing the TIBER framework.
  • Our team members are experienced security professionals who have been involved as red team operators, red team leads or red team managers in multiple TIBER projects.
  • We have both offensive and defensive experts in-house, and will actively involve both areas of expertise in the TIBER exercise. Since we speak the language of both attackers and defenders, this will greatly enhance the collaboration and discussions on defensive improvements.
  • We can provide an integrated experience by teaming up with an outstanding threat intelligence provider, and oversee the complete exercise as one team.

“FalconForce has been described ‘as one of the most important providers in TIBER.’”

Our other services

Adversary simulation

FalconForce non-TIBER red teaming exercises (aka adversary simulations) follow a systematic approach: we prepare a custom exercise, perform it with the same TTPs a real attacker would use, then debrief you on our observations and discuss learnings. A purple teaming exercise is always included in our approach, to maximize the learning effects for your organization.
