Penetration tests are helpful exercises against known targets. You know the asset that needs to be secured. You know the scope and reach of your asset. And we work with you so that you know exactly when and how it will be assessed.
But what if you didn’t know when you’d be attacked? Or what would be attacked? Or how?
Our adversarial simulation, or red teaming exercise, assesses your readiness to defend against a real-world actualization of business risk. The business risk targeted in such an attack could be to disrupt operations, exfiltrate business-critical data, or simulate other objectives as dictated by you.
intelligence from the outside world and assess your externally-facing risk.
the processes, technical controls, and work culture to protect against the exploitation of people.
internal threats to your business by simulating the rogue insider or the infiltration by an outsider.
your effectiveness across the entire attack/defense surface to better inform strategic decision making.
Our in-depth testing methods, deep expertise, and customizable ways of working with you set us apart from the rest:
We vary the depth of our approach according to your needs. We’ll test the effectiveness of your controls by simulating both internal and external threat actors across different attack domains. We cover OSINT (open source intelligence) gathering, network reconnaissance and attacks, social engineering, and a custom phishing campaign. We cover both “assume breach” and black box scenarios.
Our adversarial simulation follows MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. The goal is to provide a measurable effectiveness rating across the entire attack/defense surface to better inform strategic decision making. From initial access and execution all the way through exfiltration and Command & Control, we cover the entire attack chain.
We form a partnership with you to develop and execute a strategy that is aligned with natural business cycles and evolving needs. The program can include Red Team, Social Engineering, Phishing, Penetration Testing, Purple Team (ATT&CK), and other offensive security activities based on an evolving security strategy. We also provide support for strategic and tactical remediation and mitigation.