We will put together a “red team” – simulating real attackers – with the goal of improving your defense capabilities. The red team can be put together for one-time or for on-going use (we recommend the latter). The fundamental principal of the red teams is that it is not limited by scope or procedures. It goes without saying that we won’t kidnap your employees or threaten work-flow. A major advantage of on-going cooperation with the red team is that we will continuously hone our knowledge and approach; this know-how will be passed on to the blue team.The more the red team is able to perform better than an actual attacker, the more effectively the blue team will then be at protecting itself.
Once you have the basics covered (such as maintenance of assets, management of vulnerabilities and are able to detect and react to damaging or suspicious behavior in your surroundings), then it’s time for the red team. If you are still struggling with basic measures, then we recommend that you resolve such issues before you use and develop the red team.
First, we need to agree on the objectives; then we can create a realistic attack scenario and without any systems or addresses being off-limits. An attacker does not operate with such constraints, so it’s in your best interest that the scenario is as realistic as possible. Next we will compile all needed information from entrance photos to long-forgotten conference files. Last but not least, we will carry out the attack by striking systems, circumventing physical security barriers, or by utilizing social engineering. We will wrap up by evaluating how the attack went and whether we achieved our objectives.
One-time or on-going meetings with your blue team, where we will go over the findings and the ways to improve resistance and the state of your security. Moreover, we will prepare a summary and presentation for your superiors. This report will include the technical details of the procedure so the test can be repeated step-by-step. Also included in the report will be our tactical recommendations for an immediate resolution of issues as well as strategic recommendations for long-term improvements.