CYBER ATTACK SIMULATION – Red team
Red Teaming services provide clients with a realistic understanding of the key cybersecurity threats and gaps they are facing, as well as the mitigation and response capabilities they possess. Rather than testing a single system and/or application, Red Team activity tests the weakest paths in the organizational network. In most cases it is the most cost-efficient way to verify a company’s resilience to a real-life cyber attack.
Describe our Service
Comsec’s red team provides its clients with realistic cyber-attacks against people (if needed), processes, and technologies. Throughout the course of this exercise, the Red Team conducts controlled cyber-attacks against the client’s corporate network. The aim is to test the entire ecosystem and see how, and when, one security solution reacts to another, as the goal is to breach the perimeter, gain control over predefined targets and exfiltrate them if needed.
The team attempts to breach the organization’s perimeter to demonstrate how vulnerabilities in the organization’s infrastructure, applications and processes, as well as the lack of awareness of its employees or incomplete/inactive policies, could allow its assets to be compromised.
The team’s mission is focused on achieving these three main goals:
- Breach the Perimeter – Attack from outside of the organization’s facilities, getting inside.
- Lateral Network Movement – Attack from within the organization’s network and try to move laterally over the network to reach headquarters with elevated network rights.
- Capture The Flag – Establishing access rights into servers, preferably with Domain Administrator rights.
The research and exercises are conducted on the basis of a predetermined attack profile. Four attack levels are defined, at which research and execution can take place with different resources. Each level has its own limitations and attack techniques:
- An attacker who only requires anonymity and needs the cheapest possible access attempts to access systems using open source software. The attacker will be looking for standard vulnerabilities that can be exploited quickly on many servers at once.
- A novice hacker with a limited budget available to gain access to the networks of the party under consideration. The attacker will focus more on a specific target and has a focused goal.
- A professional hacker who works alone, but has the professional resources and knowledge to deploy his own exploits against the organization. Specific attacks, such as the use of properly written exploits or Social Engineering attacks, are used to achieve the goal.
- The hacker-for-hire. Multiple hackers are hired by an organization and try to breach the external perimeter. The greater the value of the hack, the more resources are used during the attack.
Comsec offers a unique approach to Red Teaming services by joining proven working experience and a result-oriented attitude with an arsenal of creative intelligence gathering, infiltration, and attack techniques.
By tailoring the Red Team activity to the client, Comsec is able to accurately identify the most relevant cybersecurity threats and provide the client with pragmatic insights into risk and feasibility. This process also demonstrates to the client their ability to detect and react to threats, and exposes gaps in mitigation techniques and security infrastructure.
While the traditional approach to Red Teaming only focuses on the technical aspects of cybersecurity, Comsec utilizes its renowned ability to analyze business and legal-level threats, risks, and perspectives in security in order to craft a unique and all-encompassing cybersecurity image for clients.
Most organizations take action to secure their applications and networks by conducting penetration tests as part of their security policy, but this may give them only a partial overview of their readiness for a real-world attack by a group of hackers. The reason is that penetration tests are most of the time limited in scope and resources, and therefore present only the impact against a certain application or system.
Clients may face several limitations that impact the overall security level of the organization:
- Limited insight into cybersecurity threats facing the organization
- Security solutions with unproven efficiency
- Untrained SOC team
- Lack of understanding of the exposure level of the organization
- Lack of insight into the security level of current infrastructure
- Weak business case for various goals such as SOC team improvement/installation, IT maintenance, organizational-level upgrades, etc.
Comsec’s red team services can validate all of the above and provide specific recommendations to mitigate the risks and improve the overall security level in the organization.
About the Team
Comsec has a variety of cybersecurity professionals with different skill sets and experience in conducting red team activities. We act as a real hacking team, with full transparency to the POC at the client, to get access to the most valuable assets of our clients.