Cyber Incident Call

00800 1744 0000

ART (Advanced Red Teaming)

Elevate your cyber resilience from workplace to boardroom

We perform realistic simulations of cyber threat actors breaching their way to your organisation’s most critical assets, with the goal to improve cyber resilience in terms of business, bytes, and behaviour.

You gain insights into the most vulnerable parts of your organisation, including how they can be abused by threat actors, what the impact can be, and how to fix them.

Your specialists get the most realistic training in responding swiftly and adequately to cyber threats that are relevant to your organisation.

We have extensive experience in integrating a realistic crisis management exercise (Gold Teaming) into a Red Teaming exercise, resulting in an all-round cyber exercise which can test your plans and procedures while training your people on their skills.

We provide you with clear, actionable advice on countermeasures at strategic, tactical, and operational levels to reduce risks for your organisation.

Our Red Team Will Put You To The Test

Our red team performs threat-intelligence-based ethical Red Teaming assignments following the Advanced Red Teaming (ART) framework, governed by and in cooperation with the relevant authority.

The ART framework is a more modular adaptation of the TIBER-NL framework. It allows non-financial institutions to implement the structured and threat-intel driven approach of TIBER (Threat Intelligence Based Ethical Red teaming). Depending on the desired number of attack scenarios, depth of Threat Intelligence, and inclusion of phases like Gold or Purple Teaming, our red team executes a tailor-made cyber-attack on your organisation. Our red team simulates your biggest threats, breaching their way through your organisation, achieving all objectives (or so-called compromise actions or “flags”). The simulation gives your organisation maximum insight into what it is like to be under attack by these threats, with the aim to learn and identify weaknesses. It is our mission to increase the cyber resilience and capabilities of your organisation’s blue team by enhancing your controls against these threats and helping you respond adequately before they strike.

During the simulation, you will be guided by our specialists. Together with them, you make educated decisions, based on which they safely steer the simulation in the right direction. The assignment follows the entire ART procedure, ending with a learning and closure phase. This includes a Purple Teaming session, in which your specialists, our red team, and possible other stakeholders get together to share experiences, replay attacks, and work on the improvement of monitoring and detection controls.

Optionally, a Gold Teaming may be included in which our behavioural specialists will guide your crisis management team through a realistic crisis simulation, based on the actual attack the red team performed.


Threat Intelligence

We use threat intelligence from actual cyber-attacks investigated by the Northwave CERT (Computer Emergency Response Team) and SOC, resulting in realistic and up-to-date attack scenarios. Our Reverse Engineering team rebuilds actual malware samples used by threat actors, to create the most realistic simulation of the threat actor.

What does this mean for you?

An ART exercise generally takes 11 to 22 weeks but can take longer depending on the scope. Throughout the exercise, we are in contact at regular intervals, seeking progressively closer cooperation with your specialists.

During the ART exercise you receive written reports of the deliverables, such as the red team attack plan. We also provide presentations for operational personnel up to board level executives, to maximise the added value of the exercise.

Our reports contain clear advice for board level executives, on a strategic and tactical level, to decrease your organisation’s risk based on your biggest threats. For operational advice, the report uses the Unified Kill Chain, based on MITRE ATT&CK, to give your personnel maximum insight into the identified weaknesses and mitigations.

If Gold Teaming is included, your crisis management team will experience a cyber crisis management exercise, with a realistic scenario based on the findings of the Red Teaming exercise. This is the most effective way to transfer the technical findings to your strategic management, as they get to experience the impact with simulated “injects” from stakeholders, media, and customers.

ART Phases

The ART framework prescribes the following phases, of which the threat intelligence phase may be executed by Northwave or optionally a third-party provider.

1. Preparation

Our red team is involved in the ART from the preparation phase onwards. With your organisation we establish planning, responsibilities, scoping, and more.

2. Threat Intelligence

Depending on the chosen depth of Threat Intelligence, targeted intelligence is gathered specifically for your organisation, or existing threat landscape documentation is used to build attack scenarios.



3. In

Based on the agreed intelligence-led attack scenario(s), our red team operators gain initial access to your organisation’s digital environment (IN).

4. Through

Within your organisation, our red team operators move towards critical systems and processes, simulating the defined threat actor (THROUGH).

5. Out

Through the critical systems and processes, our red team operators strike and obtain the objectives (or so-called compromise actions or “flags”) of the ART exercise (OUT).

6. Purple Teaming

Once the red team operators have moved IN, THROUGH, and OUT, the Purple Teaming phase starts. The emphasis is on learning as much as possible from the exercise.

7. Gold Teaming

Your crisis management team is taken through a realistic exercise (Gold Teaming), based on the simulated cyberattack, and the team’s ability to manage a cyber crisis is put to the test.

8. Closing

The exercise concludes with feedback sessions, results presentations to board-level executives, and a remediation plan to address identified vulnerabilities.

No resources?

Leave your Cyber security to us!

Frequently Asked Questions

We can imagine that you have many questions. You can always contact us to learn more. Below are a few examples of questions that we can investigate further with you.

What is ART?

The ART framework is a more modular adaptation of the TIBER-NL framework. It allows non-financial institutions to implement the structured and threat-intel driven approach of TIBER. Depending on the desired number of attack scenarios, depth of Threat Intelligence, and inclusion of phases like Gold or Purple Teaming, our red team executes a tailor-made cyber-attack on your organisation.

What's the difference between TIBER and ART?

ART is a lighter variant of the TIBER framework and is intended for testing the security of Crown Jewels with a medium to very high classification level. It can also serve as a prelude to a TIBER test for organisations for which the threshold for a more extensive TIBER test is still too high. The ART framework differs from TIBER in that only one service provider is contracted that executes one attack scenario based on generic threat intelligence and a reconnaissance phase. This results in lower costs and a shorter turnaround time compared to a TIBER test.

What are the advantages of ART over TIBER?

In general, ART uses generic threat intelligence and has a shorter turnaround time and lower costs than a full TIBER test. It is ideal for organisations that are not yet ready for an extensive TIBER test. It is also more modular than TIBER, meaning organisations can tailor the exercise to their needs and resources. It also includes phases like Gold Teaming, allowing the inclusion of a realistic crisis management exercise.

How does ART testing work?

ART testing involves simulating the tactics, techniques and procedures (TTPs) of cyber threat actors based on tailored threat intelligence. The process is divided into several phases: preparation, threat intelligence collection, Red Teaming and closure, including debriefings, purple teaming and follow-up actions. Optionally a crisis management exercise is included in the form of 'Gold Teaming'.

Who can benefit from ART?

Primarily, ART is aimed at European entities within the financial sector, including banks, exchanges, and payment providers, as well as other sectors identified as critical national infrastructure. It helps these organisations assess their ability to defend against and respond to cyber-attacks.

What is the purpose of ART?

The ART framework is intended to help organisations test and improve their cyber resilience against advanced cyber-attacks. It focuses on simulating realistic threats, identifying security vulnerabilities, and letting their IT personnel experience, and learn from, a realistic cyberattack.

What steps does an ART test include?

An ART test consists of several phases:

  • Preparation: Defining goals and scope.
  • Threat Intelligence Gathering: Gathering relevant threat information or using publicly available threat information.
  • Red Teaming: Simulate attack scenarios based on the gathered Threat Intel.
  • Purple Teaming: Put the Blue Team in the shoes of the attacker to get experience with handling a real cyberattack.
  • Gold Teaming: Allowing your crisis management team to experience a crisis management exercise based on the performed (simulated) attack.
  • Closure: Evaluating findings, debriefings and follow-up actions.


How many months does an ART take?

The duration of an ART exercise is highly dependent on the scope and the size and complexity of the organisation. On average you can count on about 4 to 12 months to fully complete an ART exercise.

We are here for you

Need help with your cyber security or wondering how secure your business really is?
Get in touch and we will help you find the best solution.