
Overview

Real-life assessments to evaluate prevention, detection and response capabilities

Measuring the success of security operations solely on efficiency fails to address the key question that all security leaders need to answer about their organisation: how good are security teams, tools and procedures at preventing, detecting and responding to cyber threats?

Scenario-based testing, performed by Redscan’s experienced ethical hackers, can help to validate the effectiveness of your organisation’s security capabilities and drive improvements to threat hunting, breach detection and incident response.

Benefits of scenario-based testing

Scenario-based testing is a specialist form of offensive security assessment. Unlike traditional penetration testing, which is focused on uncovering vulnerabilities, scenario-based testing is designed to benchmark the performance of cyber security controls against specific adversarial tactics and behaviours. Scenario-based testing helps to answer important questions such as:

  • How effective are security technologies at preventing, detecting and responding to threats?
  • Are there any network security blind spots that persistent attackers could exploit?
  • Are Blue Team security analysts able to shut down advanced and sophisticated attacks?
  • How good are security analysts at differentiating genuine incidents from false positives?
  • Are incident response plans in place to address threats and manage compromises?
  • Do in-house security teams have the know-how to remediate breaches?

Validate the effectiveness of security operations

Scenario-based testing is commonly used to assess the ability of your organisation to prevent, detect and respond to threats. Unlike a Red Team Operation, which is designed to replicate a full-scale cyber-attack, a scenario-based test is a more focused type of assessment often constructed around a specific adversarial tactic. Regular scenario-based testing creates a culture of continuous improvement, ensuring that your security operations team is better prepared to act against current and emerging threats.

Custom assessments

Redscan’s scenario-based testing service can be tailored to help evaluate your organisation’s ability to detect and respond to a range of security risks. The many scenarios and tactics that we can replicate include:

  • A supply chain compromise
  • Data exfiltration by a malicious insider
  • A spear phishing campaign to harvest credentials
  • Installation of malware

The MITRE ATT&CK™ framework

Scenario-based testing can be aligned to a range of adversarial behaviour frameworks. One of the most common is MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge), which catalogues the methods adversaries use to compromise, exploit and traverse networks. The MITRE ATT&CK Framework is divided into 11 tactic groups of TTPs, all of which can be replicated by scenario-based testing.

01. Initial Access
Gaining a foothold in the target network using tactics such as spear phishing and supply-chain compromise.

02. Execution
Executing code on a target system once access has been obtained. Includes the abuse of legitimate applications and systems such as Control Panel items and PowerShell.

03. Persistence
Establishing and maintaining a persistent presence on a network, overcoming interruptions such as system restarts and updated account credentials.

04. Privilege Escalation
Increasing permission levels to access additional parts of a compromised network through techniques such as hooking, process injection and access token manipulation.

05. Defense Evasion
Avoiding detection through techniques such as the disablement of security defences, prevention of endpoint inspection or bypassing of application whitelisting.

06. Credential Access
Seeking to gain access to or control of a system or domain by obtaining legitimate credentials, including the use of brute force and credential dumping.

07. Discovery
Acquiring knowledge of target systems and networks. Includes account, application, browser and directory reconnaissance techniques.

08. Lateral Movement
Traversing a network and gaining control of remote systems. Includes Pass the Ticket (PtT) and remote services techniques.

09. Collection
Identifying and gathering sensitive information through audio, keystroke, screen and video capture.

10. Exfiltration
Removing files and information from the target network, often using a combination of compression, encryption and legitimate protocol abuse.

11. Command and Control
Establishing communication with target systems through the abuse of existing, legitimate protocols.

Gain deeper insight with scenario-based testing

Scenario-based testing can be commissioned as a standalone engagement or included as part of ThreatDetect™, Redscan’s award-winning Managed Detection and Response service, in order to continually validate visibility and coverage against current and emerging threats.

Why choose Redscan?

  • A leading UK-based MDR company
  • Red and blue team CREST CSOC expertise
  • High-quality intelligence and actionable outcomes
  • Quick and hassle-free service deployment
  • An agnostic approach to technology selection
  • Avg. >9/10 customer satisfaction, 95% retention rate
