Adding to Fortis’ comprehensive range of consultancy-based penetration testing services, we also offer more advanced tests, made possible by the extensive red teaming experience of our certified Penetration Testers.
As with our standard engagements, each advanced test is followed by a detailed technical report and a debrief presentation to ensure the documented issues are fully understood and the context of each finding has been agreed.
ADVERSARIAL INCIDENT TESTING
Generally speaking, cybersecurity specialists don’t talk about “if” an attack will take place, but “when”. With this mindset, it is essential to know how well technical staff perform during an incident.
The work focuses on whether the IT team detected the attack, how they responded to it, and what technical failures there were in terms of forensic capability.
Organisations that are higher on the cybersecurity maturity model should actively seek to validate their detection and response capabilities. Adversarial incident testing artificially creates a security event which the defensive team should detect, allowing them to safely test their tactics, techniques and procedures before a real incident occurs.
The objective of adversarial testing is to demonstrate the minimum level of your organisation’s defensive (blue) team capability. This requires a tester with a higher level of experience and will show whether the defensive team know when someone has access they shouldn’t have.
This is also particularly useful for organisations wanting to test their security operations centre, whether outsourced or managed locally.
This is not a large exercise and a simple approach suffices. Multiple scenarios (i.e. not just nmap) will be designed, appropriate to the maturity of the security operations team.
This information drives how the simulations are designed so that they work for the security operations team. Examples range from port scans to accounts logging into multiple systems, deleting security log files and escalating privileges: actions presenting anomalous behaviour which should be alerted on and investigated.
Fortis will work with a customer insider to plant an improvised cyber device; a few days later the simulations begin, initially noisy and then quieter, to simulate a real attack and to see whether the security operations team can detect these problems and what they are able to do next.
What knowledge does the blue team require, and are any tools (i.e. detection controls) letting them down? Can the security team locate the malicious device and then unplug it or otherwise remediate the issue?
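As an added illustration (not Fortis’ own tooling) of the kind of detection logic a blue team would be expected to have for the behaviours listed above, the script below runs over a constructed sample log in a hypothetical "timestamp|host|user|event" format and raises alerts for one account logging on to several hosts in a short window, security log clearing and privilege escalation; the thresholds and event names are assumptions.

```python
"""Minimal detection pass for three of the simulated behaviours above:
one account logging on to many hosts in a short window, security log
clearing and privilege escalation. Log format is hypothetical."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. Format: "ts|host|user|event"
SAMPLE_LOG = """2024-03-01T09:00:05|ws01|alice|logon
2024-03-01T09:00:40|ws02|alice|logon
2024-03-01T09:01:10|srv-db|alice|logon
2024-03-01T09:01:30|srv-fs|alice|logon
2024-03-01T09:05:00|srv-fs|alice|privilege_escalation
2024-03-01T09:06:00|srv-fs|alice|security_log_cleared
2024-03-01T10:00:00|ws03|bob|logon"""

LATERAL_HOSTS = 3                     # assumed: distinct hosts per user ...
LATERAL_WINDOW = timedelta(minutes=5) # ... within this window is anomalous
HIGH_SEVERITY = {"security_log_cleared", "privilege_escalation"}


def parse(lines):
    """Turn raw lines into (timestamp, host, user, event) tuples, oldest first."""
    events = []
    for line in lines.strip().splitlines():
        ts, host, user, event = line.split("|")
        events.append((datetime.fromisoformat(ts), host, user, event))
    return sorted(events)


def detect(lines):
    """Return a list of (timestamp, user, message) alerts."""
    alerts = []
    recent = defaultdict(list)  # user -> [(ts, host)] seen inside the window
    for ts, host, user, event in parse(lines):
        if event in HIGH_SEVERITY:          # single events that always warrant review
            alerts.append((ts, user, f"{event} on {host}"))
        if event == "logon":
            # slide the window, then count distinct hosts this user reached
            recent[user] = [(t, h) for t, h in recent[user] if ts - t <= LATERAL_WINDOW]
            recent[user].append((ts, host))
            hosts = {h for _, h in recent[user]}
            if len(hosts) == LATERAL_HOSTS:  # fire once, when the threshold is reached
                alerts.append((ts, user, f"logons to {len(hosts)} hosts within {LATERAL_WINDOW}"))
    return alerts


if __name__ == "__main__":
    for ts, user, msg in detect(SAMPLE_LOG):
        print(ts.isoformat(), user, msg)
```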
CORE ASSETS SECURITY TESTING
The concept is to deliver a ‘deeper look’ security assessment of an organisation’s most precious platforms, those which, if compromised, would hurt the company the most.
This is a more advanced penetration test, as it enables clients to identify the stages of the kill chain so they can deploy compensating controls, mitigating technical and policy controls, to offer a multi-layer defence.
Secondly, it helps tune their security information and event management (SIEM) platform so that it detects, alerts and more proactively defends those key assets.
Conceptually this is very much white-box testing with close customer involvement. For core assets we need to see the code and spend time with you to understand how each element of the architecture works and how they interoperate.
We examine the code for resilience to attack; this is a far deeper look into a system and its architecture, intended to discover the subtle vulnerabilities.