Penetration testing is a blue team method while adversary emulation is a red team method, but two have the same goal of identifying vulnerabilities. They’re both security assessment methods that are used to improve security of an organization and are focused on identifying individual vulnerabilities with different techniques.
However, there are slight differences between penetration testing and adversary emulation. Penetration testing focuses on short term goal of identifying current issues or vulnerabilities with the network and its devices and nothing more. But red team engagement is a long term assessment that emulate how adversaries would attack and how they would take advantage of the vulnerabilities and what they would do afterwards. This is why adversary emulation takes longer time frame to execute compared to penetration testing that are done rather quickly. Adversary emulation requires steps like gathering threat intelligence, extracting techniques from intelligence, analyzing their methods and tools, and emulating the adversary to see what is possible and what impact it can have to an organization. While penetration testing identifies vulnerabilities, it doesn’t properly test things like response tools. Adversary emulation is a great way to test your system’s response as well as your organization’s security team’s reaction. Note that security controls aren’t just system based and is also people based.
HansITAcademy 