Real-life assessments to evaluate prevention, detection and response capabilities
Measuring the success of security operations on efficiency metrics alone can fail to address a key question all security leaders need to answer: how good are people and controls at preventing, detecting and responding to cyber threats?
Scenario-based testing, performed by Redscan’s experienced team of consultants, can help to validate the true effectiveness of your organisation’s capabilities. This is achieved by simulating a wide range of adversarial tactics and providing recommendations to enhance the protection of key assets.
- How effective are security technologies at preventing, detecting and responding to threats?
- Are there any network security blind spots that persistent attackers could exploit?
- Are Blue Team security analysts able to shut down advanced and sophisticated attacks?
- How good are security analysts at differentiating genuine incidents from false positives?
- Are incident response plans in place to address threats and manage compromises?
- Do in-house security teams have the know-how to remediate breaches?
Redscan’s scenario-based testing service can be tailored to help evaluate your organisation’s ability to detect and respond to a range of security risks. The many scenarios and tactics that we can replicate include:
- A supply chain compromise
- Data exfiltration by an employee or contractor
- A spear phishing campaign to harvest credentials
- Installation of malware
Gaining a foothold in the target network using tactics such as spear phishing and supply-chain compromise.
Executing code on a target system once access has been obtained. Includes the abuse of legitimate applications and systems such as Control Panel items and PowerShell.
Establishing and maintaining a persistent presence on a network, overcoming interruptions such as system restarts and updated account credentials.
Increasing permission levels to access additional parts of a compromised network through techniques such as hooking, process injection and access token manipulation.
Avoiding detection through techniques such as the disablement of security defences, prevention of endpoint inspection or bypassing of application whitelisting.
Seeking to gain access to or control a system or domain by obtaining legitimate credentials, including the use of brute force and credential dumping.
Acquiring knowledge of target systems and networks. Includes account, application, browser and directory reconnaissance techniques.
Traversing a network and gaining control of remote systems. Includes Pass the Ticket (PtT) and remote service effects techniques.
Identifying and gathering sensitive information through audio, keystroke, screen and video capture.
Removing files and information from the target network, often using a combination of compression, encryption and legitimate protocol abuse.
Command and Control
Establishing communication with target systems through the abuse of existing, legitimate protocols.
Gain deeper insight with scenario-based testing
Scenario-based testing can be commissioned as a standalone engagement or included as part of Kroll Responder, our award-winning Managed Detection and Response service, in order to continually validate visibility and coverage against current and emerging threats.
Certified Information Security Manager (CISM)
- A leading global MDR company
- Red and blue team CREST CSOC expertise
- High-quality intelligence and actionable outcomes
- Quick and hassle-free service deployment
- An agnostic approach to technology selection
- Avg. 9/10 customer satisfaction, 95% retention rate