
Protecting the Crown Jewels: How DSPM Defends Red Teaming

By Zhen Gong

In red teaming, the ultimate objective is to identify and compromise an organization's crown jewels—the most critical assets that, if breached, would result in severe financial, operational, or reputational damage.  

Unlike generic vulnerability assessments, red teaming operates like a real-world adversary, uncovering weak points in security defenses and testing an organization’s ability to detect, respond to and recover from an attack. And speaking of red teaming, we at Forcepoint are happy to see that CISA’s red team is intact and still protecting federal and critical infrastructure partners.

According to IBM's 2024 Cost of a Data Breach Report, the global average cost of a data breach reached a record high of $4.88 million in 2024, marking a 10% increase from the previous year. It’s worth noting that tools like Forcepoint’s Data Security Posture Management (DSPM) and Data Detection and Response (DDR) can serve as an effective defense mechanism and protect these high-value targets. 

In this post, I’ll discuss the different types of crown jewels, along with how Forcepoint can help your organization discover and protect them.

Types of Crown Jewels & How They Are Discovered 

1- Sensitive Data (PII, PHI, PCI, Intellectual Property)

Examples: Customer databases, patient health records, credit card details, trade secrets, proprietary algorithms.

Red Team Discovery Tactics:

  • OSINT (Open Source Intelligence): Searching for exposed credentials, leaked databases, or insider information.
  • Phishing & Social Engineering: Tricking employees into revealing sensitive data access credentials.
  • Cloud Misconfigurations: Identifying publicly exposed S3 buckets, misconfigured storage, or unsecured APIs.
  • Privilege Escalation: Exploiting weak permissions to move laterally and access sensitive databases. 
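The cloud-misconfiguration tactic above is the one a DSPM tool counters by continuously checking storage for anonymous access. The following is an added example written for this post, not Forcepoint product code: it evaluates an S3-style bucket policy for grants to the anonymous principal and combines the result with the bucket's Block Public Access settings. The bucket name, account id and VPC endpoint id are placeholders, the three policies are constructed, and the treatment of RestrictPublicBuckets (public grants ignored for anonymous callers when it is on) is a simplified model of that setting.

```python
import json

# Constructed sample policies for a hypothetical bucket. The bucket name,
# account id and VPC endpoint id are placeholders invented for this example.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-exports/*",
    }],
})

VPCE_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "FromOurEndpointOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-exports/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
})

ROLE_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": "arn:aws:s3:::example-customer-exports/*",
    }],
})


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Flatten the Principal element ('*', or {"AWS": [...], "Service": ...}) to strings."""
    principal = statement.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():
        out.extend(_as_list(value))
    return out


def public_statements(policy_json):
    """Return every Allow statement that grants access to the anonymous principal."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in _principals(stmt):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<unnamed>"),
            "actions": _as_list(stmt.get("Action", [])),
            # An unconditional grant to '*' is world-accessible; a Condition narrows
            # the grant (VPC endpoint, source IP, ...) and needs a human to confirm it.
            "exposure": "conditional" if stmt.get("Condition") else "public",
        })
    return findings


def assess_bucket(name, policy_json, public_access_block):
    """Combine policy findings with Block Public Access (simplified model).

    public_access_block uses the S3 setting names. With RestrictPublicBuckets on,
    S3 ignores public grants for anonymous callers, so the finding is downgraded.
    """
    findings = public_statements(policy_json)
    if not findings:
        status = "PRIVATE"
    elif public_access_block.get("RestrictPublicBuckets", False):
        status = "MITIGATED"
    elif any(f["exposure"] == "public" for f in findings):
        status = "PUBLIC"
    else:
        status = "REVIEW"
    return {"bucket": name, "status": status, "findings": findings}


if __name__ == "__main__":
    for label, policy in [("public", PUBLIC_READ_POLICY),
                          ("vpce-only", VPCE_ONLY_POLICY),
                          ("role-only", ROLE_ONLY_POLICY)]:
        print(label, assess_bucket("example-customer-exports", policy,
                                   {"RestrictPublicBuckets": False})["status"])
```

A check like this belongs in the continuous-monitoring loop rather than a one-off audit: a bucket that is private today becomes public the moment someone attaches a policy with `"Principal": "*"`, which is exactly the window an OSINT-driven red team looks for.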

2- Administrative & Privileged Accounts

Examples: Active Directory domain admins, root accounts, cloud admin credentials, privileged service accounts.

Red Team Discovery Tactics:

  • Credential Dumping: Using tools like Mimikatz to extract password hashes from compromised endpoints, deploying trojanized tools to stealthily capture credentials for further exploitation.
  • Kerberoasting: Targeting weakly encrypted service accounts for privilege escalation.
  • Brute-Force & Password Spraying: Exploiting weak authentication policies to crack high-value accounts.
  • Session Hijacking: Intercepting or stealing authentication tokens to bypass authentication mechanisms.

3- Critical Infrastructure & Systems

Examples: Core databases, credentials, financial transaction systems, industrial control systems (ICS), DevOps pipelines.

Red Team Discovery Tactics:

  • Network Enumeration: Mapping out critical systems using scanning tools like Nmap.
  • Default Credentials & Weak Configurations: Exploiting systems that use default admin credentials or lack multi-factor authentication (MFA).
  • Exploiting Unpatched Vulnerabilities: Targeting legacy systems running outdated software.
  • Firmware Manipulation: Compromising embedded systems to gain persistent access.

4- Source Code Repositories & DevOps Pipelines

Examples: Git repositories, CI/CD pipelines, API keys.

Red Team Discovery Tactics:

  • Code Repository Leaks: Searching for exposed repositories on GitHub, GitLab, Bitbucket.
  • CI/CD Pipeline Exploits: Injecting malicious code into build and deployment processes.
  • Secrets Management Flaws: Extracting hardcoded credentials or unprotected API tokens.
  • Dependency Poisoning: Inserting malicious dependencies into software supply chains.

5- Communication & Collaboration Tools

Examples: Email systems, Google Drive, Slack, Teams, Confluence, SharePoint.

Red Team Discovery Tactics:

  • Business Email Compromise (BEC): Gaining access to executive emails via phishing.
  • Eavesdropping on Internal Communications: Extracting sensitive discussions or confidential data.
  • Misconfigured Access Controls: Identifying over-permissioned shared drives.
  • Session Token Theft: Hijacking authentication tokens to gain unauthorized access. 

How DSPM Protects the Crown Jewels

DSPM software plays a crucial role in protecting crown jewels by continuously monitoring and securing sensitive data across on-prem, cloud and hybrid environments. Here’s how DSPM neutralizes attack vectors commonly exploited by red teams:

| Crown Jewel Type | Red Team Tactics | DSPM and DDR Prevention |
| --- | --- | --- |
| Confidential Data | OSINT, Cloud Misconfigurations, Phishing | Stops confidential data from leaving corporate assets in real time, flags insecure cloud storage, enforces encryption and access controls. |
| Admin & Privileged Accounts | Credential Dumping, Kerberoasting, Brute-Force Attacks | Analyzes behavioral anomalies, detects misconfigured privileged accounts, and triggers automated defenses such as enforcing MFA. |
| Critical Infrastructure | Network Scanning, Exploiting Unpatched Systems, Firmware Manipulation | Discovers and prioritizes data security risks by analyzing which vulnerabilities are most likely to lead to data breaches or compliance violations. This allows blue teams to focus on high-impact assets first. |
| Source Code & DevOps | Repository Leaks, Secrets Management Flaws, Dependency Poisoning | Identifies hardcoded secrets, monitors for unauthorized access, enforces secure CI/CD practices. |
| Collaboration Tools | BEC, Session Hijacking, Misconfigured Access Controls | Flags sensitive file sharing, enforces zero-trust authentication, monitors communication anomalies. |
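The discovery and classification step that the table attributes to DSPM (finding PII and payment data in exports, and hardcoded secrets in repositories) is the part a practitioner most wants to see concretely. The scanner below is an added example written for this post, not Forcepoint's product code: it classifies an in-memory corpus of files into PII, PCI and secret categories, validates candidate card numbers with the Luhn checksum so that arbitrary digit runs are not reported as cardholder data, and ranks files so the highest-risk ones are reviewed first. The file contents, patterns, category labels and severity tiers are all constructed for the example; a real DSPM deployment would read from on-prem shares and cloud storage and use far broader classifiers.

```python
import re

# Constructed sample corpus (path -> contents). Every value is invented.
SAMPLE_FILES = {
    "exports/customers.csv": (
        "name,email,card\n"
        "Ada Example,ada@example.com,4111 1111 1111 1111\n"   # passes Luhn
        "Bob Example,bob@example.com,1234 5678 9012 3456\n"   # fails Luhn: not PCI
    ),
    "src/config.py": (
        "DB_PASSWORD = 'hunter2-not-real'\n"
        "AWS_ACCESS_KEY_ID = 'AKIAEXAMPLEEXAMPLE00'\n"
    ),
    "docs/README.md": "Quarterly update for the sales team.\n",
    "keys/deploy.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEconstructedkeybody\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

# Classifier patterns, labelled CATEGORY:kind. Deliberately simple; the point is
# the pipeline (detect -> validate -> rank), not regex coverage.
PATTERNS = {
    "PII:email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "PCI:card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),           # checked with Luhn below
    "SECRET:aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "SECRET:password_assignment": re.compile(
        r"(?i)(password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{6,}['\"]"),
    "SECRET:private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed severity tiers: a live secret is worse than a single record of PII.
SEVERITY = {"SECRET": "critical", "PCI": "high", "PII": "medium"}
_ORDER = {"critical": 0, "high": 1, "medium": 2}


def luhn_ok(candidate):
    """Luhn checksum over the digits in candidate (separators ignored)."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_text(path, text):
    """Return findings for one file. The matched value is intentionally NOT stored,
    so the findings report does not itself become a copy of the secrets."""
    findings = []
    for label, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if label == "PCI:card" and not luhn_ok(m.group(0)):
                continue
            category = label.split(":")[0]
            line = text.count("\n", 0, m.start()) + 1
            findings.append({"path": path, "label": label, "line": line,
                             "severity": SEVERITY[category]})
    return findings


def classify_corpus(files):
    """Run the classifiers over every file in the corpus."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def prioritize(findings):
    """Rank files by their worst finding, then by finding count: (path, top severity, count)."""
    per_path = {}
    for f in findings:
        per_path.setdefault(f["path"], []).append(f)
    ranked = []
    for path, fs in per_path.items():
        top = min(fs, key=lambda f: _ORDER[f["severity"]])["severity"]
        ranked.append((path, top, len(fs)))
    ranked.sort(key=lambda r: (_ORDER[r[1]], -r[2], r[0]))
    return ranked


if __name__ == "__main__":
    results = classify_corpus(SAMPLE_FILES)
    for path, top, count in prioritize(results):
        print(f"{top:8s} {count:2d} finding(s)  {path}")
```

On the constructed corpus the ranking puts `src/config.py` (two credentials) first, the private key second and the customer export third, while `docs/README.md` and the Luhn-failing card number generate nothing. That ordering is what lets a blue team triage the assets a red team would go after first.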

Combine Red Teaming, DSPM and DDR for Proactive Security

Red teaming helps organizations uncover how adversaries might target crown jewels. Forcepoint DSPM and DDR ensure those assets remain protected through proactive discovery, monitoring and remediation. Our Forcepoint DSPM product helps organizations discover, classify and prioritize unstructured data.

By integrating red teaming insights with DSPM capabilities, organizations can build a resilient security strategy that minimizes risk and fortifies their most valuable data against real-world threats. Talk to an expert today. 

Zhen Gong

Zhen is an experienced cybersecurity researcher with 20+ years of experience in practicing offensive and defensive security.
