Image of a virtual data centre processing data

Scenario-Based Testing

Assess the effectiveness of your security operations to defend against the latest threats

Overview

Real-life assessments to evaluate prevention, detection and response capabilities

Measuring the success of security operations on efficiency metrics alone can fail to address a key question all security leaders need to answer: how good are people and controls at preventing, detecting and responding to cyber threats?

Scenario-based testing performed by Redscan’s experienced team of consultants, can help to validate the true effectiveness of your organisation’s capabilities. This is achieved by simulating a wide range of adversarial tactics and providing recommendations to enhance the protection of key assets.

Benefits

Benefits of scenario-based testing

Scenario-based testing is a specialist form of offensive security assessment. Unlike traditional penetration testing, which is focused on uncovering vulnerabilities, scenario-based testing is designed to benchmark the performance of cyber security controls against specific adversarial tactics and behaviours. Scenario-based testing helps to answer important questions such as:

How effective are security technologies at preventing, detecting and responding to threats?
Are there any network security blind spots that persistent attackers could exploit?
Are Blue Team security analysts able to shut down advanced and sophisticated attacks?
How good are security analysts at differentiating genuine incidents from false positives?
Are incident response plans in place to address threats and manage compromises?
Do in-house security teams have the know-how to remediate breaches?

Purpose

Validate the effectiveness of
security operations

Scenario-based testing is commonly used to assess the ability of your organisation to prevent, detect and respond to threats. Unlike a Red Team Operation, which is designed to replicate a full-scale cyber-attack, a scenario-based test is a more focused type of assessment often constructed around a specific adversarial tactic. Regular scenario-based testing creates a culture of continuous improvement, ensuring that your security operations team is better prepared to act against current and emerging threats.

Assessments

Custom assessments

Redscan’s scenario-based testing service can be tailored to help evaluate your organisation’s ability to detect and respond to a range of security risks. The many scenarios and tactics that we can replicate include:

A supply chain compromise
Data exfiltration by an employee or contractor
A spear phishing campaign to harvest credentials
Installation of malware

MITRE ATT&CK

The MITRE ATT&CK™ framework

Scenario-based testing can be aligned to a range of adversarial behaviour frameworks. One of the most common is the Adversarial Tactics, Techniques and Common Knowledge (MITRE ATT&CK), which outlines the methods adversaries use to compromise, exploit and traverse networks. The MITRE ATT&CK Framework is divided into 11 groups of TTPs, all of which can be replicated by scenario-based testing.

01. Initial Access

02. Execution

03. Persistence

04. Privilege Escalation

05. Defense Evasion

06. Credential Access

07. Discovery

08. Lateral Movement

09. Collection

10. Exfiltration

11. Command and Control

01.

Initial Access

Gaining a foothold in the target network using tactics such as spear phishing and supply-chain compromise.

02.

Execution

Executing code on a target system once access has been obtained. Includes the abuse of legitimate applications and systems such as Control Panel items and PowerShell.

03.

Persistence

Establishing and maintaining a persistent presence on a network, overcoming interruptions such as system restarts and updated account credentials.

04.

Privilege Escalation

Increasing permission levels to access additional parts of a compromised network through techniques such as hooking, process injection and access token manipulation.

05.

Defense Evasion

Avoiding detection through techniques such as the disablement of security defences, prevention of endpoint inspection or bypassing of application whitelisting.

06.

Credential Access

Seeking to gain access to or control a system or domain by obtaining legitimate credentials, including the use of brute force and credential dumping.

07.

Discovery

Acquiring knowledge of target systems and networks. Includes account, application, browser and directory reconnaissance techniques.

08.

Lateral Movement

Traversing a network and gaining control of remote systems. Includes Pass the Ticket (PtT) and remote service effects techniques.

09.

Collection

Identifying and gathering sensitive information through audio, keystroke, screen and video capture.

10.

Exfiltration

Removing files and information from the target network, often using a combination of compression, encryption and legitimate protocol abuse.

11.

Command and Control

Establishing communication with target systems through the abuse of existing, legitimate protocols.

Security insight

Gain deeper insight with scenario-based testing

Scenario-based testing can be commissioned as a standalone engagement or included as part of Kroll Responder, our award-winning Managed Detection and Response service, in order to continually validate visibility and coverage against current and emerging threats.

CEH

Certified Ethical Hacker (CEH)

Tiger Scheme

Tiger Scheme Qualified Security Team Member (QSTM)

CREST

CREST Registered Tester (CRT), CREST Simulated Targeted Attack and Response (STAR), CREST Certified Web Application Tester (CCT APP), CREST Certified Infrastructure Tester (CCT INF), CREST Certified Simulated Attack Manager (CC SAM), CREST Certified Simulated Attack Specialist (CC SAS), CREST SOC

Offensive Security

Offensive Security Certified Professional (OSCP)

ISACA

Certified Information Security Auditor (CISA)
Certified Information Security Manager (CISM)

A leading global MDR company
Red and blue team CREST CSOC expertise
High-quality intelligence and actionable outcomes
Quick and hassle-free service deployment
An agnostic approach to technology selection
Avg. 9/10 customer satisfaction, 95% retention rate

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left

I would like to receive invitations, insights and thought leadership content from Kroll

View our privacy policy

From the blog

From the blog Case studies Latest news

26th April 2024

Healthcare cyber security insights revealed in new Kroll report

16th April 2024

The secure email standard: safeguarding data in health and social care

25th March 2024

New Kroll report highlights rise in use of external remote services for initial access

24th March 2024

ChatGPT security risks: defending against chatbots

Hospitality Company

Securing a hospitality company’s continued global expansion

Asset Management Firm

Enhancing security visibility for a leading asset management firm

National Homebuilder

Ensuring threat visibility across a hybrid cloud network

Specialist Bank

Raising the bar by uncovering vulnerabilities across a bank’s estate

22nd April 2024

Quishing attacks increase tenfold

According to new research, quishing attacks, a type of phishing that leverages QR codes, have significantly increased, rising from 0.8% in 2021 to 10.8% in 2024.

15th April 2024

Half of UK businesses affected by cyber-incident in the past year

According to a new report by the UK government, half of UK businesses have reported a cyber incident or data breach in the past 12 months.

8th April 2024

Infostealers prominent in retail cyber-attacks

New research has highlighted that the use of infostealers dominated in cyber-attacks on retailers over the past year.

2nd April 2024

Zero-day vulnerabilities soared by over 50% between 2022 and 2023

In a new report Google has revealed that the volume of zero-day vulnerabilities it detected rose by over 50% from 2022 to 2023, with bugs in third-party components on the increase.