How Facebook's expanded cybersecurity red team efforts go far beyond the social network

August 27, 2021

Any organization with a business presence that is solely available online must be hypervigilant about maintaining cybersecurity. With 2.8 billion global monthly active users, Facebook has turned to new and innovative ways of staying one step ahead of its would-be attackers.

Lily Hay Newman, writing for Wired, shared how COVID-19 provided an opportunity for Facebook to re-evaluate and update its internal security strategies.

Many large tech organizations have what’s known as a “red team,” which is responsible for acting like hackers to find vulnerabilities before outside hackers can.

With the massive increase in remote workers due to the global pandemic, “Facebook red team manager Nat Hirsch and colleague Vlad Ionescu saw an opportunity, and a need, for their mission to evolve and expand in kind,” says Newman. “So they launched a new red team, one that focuses on evaluating hardware and software that Facebook relies on but doesn't develop itself. They called it Red Team X.”

What is Red Team X?

Red Team X works independently of the social media platform’s original red team and also evaluates the multitude of third-party products that are integrated into Facebook, and therefore could negatively impact its security.

With this transition, Facebook engineers can reach out to Red Team X to do a security evaluation on a number of tech products, including hardware, software, cloud services, and other products.

“It would be easy for them to go down hacking rabbit holes for months at a time prodding every aspect of a given product,” says Newman. “So Red Team X designed an intake process that prompts Facebook employees to articulate specific questions they have.”

The questions are geared toward providing Red Team X with any specific concerns about potential vulnerabilities.

How the Expanded Red Team Can Protect the Entire Network

Red Team X reported their first success in January of this year related to an issue with Cisco’s AnyConnect VPN. Subsequent discoveries include an Amazon Web Services cloud bug and two vulnerabilities in an Eltek power system controller.

The diversity of Red Team X’s findings is resulting in impacts far beyond the world of social media. Since the team is examining items such as networked power systems, which are growing in use, there is the potential that resolving those vulnerabilities will protect other users.

Newman mentions the SolarWinds attack, in which hackers gained access to the company’s systems and which resulted in attacks on hundreds of additional targets, and how work by Red Team X may prevent such an attack in the future.

“Such ‘supply-chain attacks’ that prey on the tech industry's interconnected ecosystem are difficult to fully defend against and represent one of the security industry's most intractable challenges,” says Newman.

Facebook’s Red Team X is just one way that cybersecurity experts are reimagining best practices for the industry.

Learn more about Capitol Tech’s degree programs in Security, Intelligence, and Critical Infrastructure and cyber and information security. Many courses are available both on campus and online. For more information, contact
