"Red team" has become one of the most misused terms in cybersecurity. Vendors describe routine vulnerability scans as red teams; buyers request red teams when they actually need penetration tests. The confusion is expensive — organisations either overspend on engagements their security programme is not ready to benefit from, or underspend and miss the specific value each type of assessment delivers.
What a Penetration Test Actually Is
A penetration test is a structured, time-boxed assessment of a defined scope — a web application, a network range, a cloud environment — where testers attempt to identify and demonstrate exploitable vulnerabilities within that scope. The output is a comprehensive list of findings, typically severity-rated, with remediation guidance.
Penetration tests are designed to find vulnerabilities. They are not designed to test your ability to detect attacks or respond to incidents, or to evaluate whether your controls work together in a realistic adversarial scenario. A penetration test tells you what is broken; it does not tell you whether you would have noticed an attacker exploiting it.
What a Red Team Engagement Actually Is
A red team engagement simulates a targeted attacker pursuing a specific objective against your organisation — typically gaining access to sensitive data, compromising critical infrastructure, or achieving a business-impactful goal. The scope is the entire organisation, not a defined technical perimeter. The team operates covertly, attempting to achieve their objective without triggering your defences.
The output of a red team engagement is not primarily a vulnerability list. It is an assessment of your detection and response capability — whether your security controls, processes, and people can identify and contain a realistic attacker. Findings inform both offensive security remediation and defensive capability improvement.
When to Choose a Penetration Test
Choose a penetration test when: you have a specific system or environment you need assessed for exploitable vulnerabilities; you need findings to drive a remediation roadmap; you have compliance requirements specifying penetration testing; or you are deploying a new application or environment and want a security review before it goes live.
Penetration tests are appropriate for any organisational security maturity level. Early-stage programmes benefit from the comprehensive vulnerability inventory. Mature programmes use targeted penetration tests to validate specific environments or technologies.
When to Choose a Red Team Engagement
Choose a red team engagement when: you have a mature security programme with established detection and response capability that you want to validate; you want to understand whether your SOC would detect a realistic attacker; you need to test the effectiveness of specific controls under realistic attack conditions; or you want to identify gaps in your people, process, and technology that a vulnerability-focused assessment would not surface.
Red team engagements require a baseline of security maturity to be valuable. An organisation without endpoint detection, log centralisation, and an active security monitoring capability will find that a red team engagement simply demonstrates that a determined attacker can operate undetected — which is not a surprising finding and does not drive useful improvement.
The Hybrid Approach: Purple Teaming
Purple teaming — where offensive and defensive teams work collaboratively rather than in opposition — is increasingly the right choice for mature security programmes. The red team executes attack scenarios while the blue team (SOC) attempts to detect them; both teams then review detection gaps together and tune controls in real time.
Purple team engagements compress the time-to-improvement cycle significantly. Rather than discovering six months later that your EDR missed a specific lateral movement technique, you identify and fix the detection gap in the same engagement.
Making the Right Choice for Your Organisation
The right engagement type depends on where you are in your security maturity journey. UnlockSec's team conducts a brief scoping conversation with every prospective client to understand your programme's current state and recommend the engagement type that will deliver the most value — whether that is a targeted penetration test, a full red team operation, or a collaborative purple team exercise. Contact us to start the conversation.