A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture.
Identifies the risk and susceptibility of attack against key business information assets.
Techniques, Tactics and Procedures (TTPs) of genuine threat actors are effectively simulated in a risk managed and controlled manner.
Assesses the organization’s ability to detect, respond and prevent sophisticated and targeted threats
Close engagement with internal incident response and blue teams to provide meaningful mitigation and comprehensive post-assessment debrief workshops.
Active Directory Assessment: The Active Directory Security Assessment involves review of documentation, discussions with staff, execution of proprietary tools and a manual review of your Active Directory configuration and settings. You receive a detailed report of the issues discovered and their impact along with recommended steps for mitigation and remediation.
The Active Directory Security Assessment focuses on several key pillars, including:
• Review of operational processes.
• Review of the privileged accounts/groups membership as well as regular account hygiene.
• Review of the forest and domain trusts.
• Review operating system configuration, security patch, and update levels.
Phishing Attacks Simulation: Phishing simulations are imitations of real-world phishing emails organizations can send to employees to test online behavior and assess knowledge levels regarding phishing attacks. The emails mirror cyber threats professionals may encounter in their daily activities, both during and outside work hours.
Physical Pen-Test: Physical penetration testing simulates a real-world threat scenario where a malicious actor attempts to compromise a business’s physical barriers to gain access to infrastructure, buildings, systems, and employees. The goal of a physical penetration test is to expose weaknesses in a businesses’ overall physical defenses. Through identifying these weaknesses proper mitigations can be put in place to strengthen the physical security posture.
For a red team assessment to be successful organizational buy-in is essential from senior management from the very start across departments such as IT, HR and legal.
A red team assessment is not just about highlighting
the company’s weaknesses but is an attempt to think outside the box when it comes to the security of the business. It is a clear effort from the organization to understand and continuously improve the security posture of the
business into the future.
Thick client penetration testing encompasses both client- and server-side processing and frequently makes use of proprietary communication protocols.
Read MoreA source code review is a security service that examines the source code of an application manually or using scanners. The purpose of this examination is to identify any existing security flaws or vulnerabilities.
Read MoreAn API penetration testing is a security service that simulates an external attacker or malicious insider specifically targeting a particular set of API endpoints and attempting to breach security in order to compromise the confidentiality, integrity, or availability of an organization's resources.
Read More