Securing even the toughest of Hardened Environments
Advanced Attack Simulation
Why do I need an Advanced Attack Simulation?
Organizations that have been through multiple successful rounds of penetration testing resulting in a hardened environment face a very tough problem: How do they get a successful penetration test?
The common approach offered by a standard penetration test just won’t deliver results in these well defended organizations. Commodity vulnerability assessment tools or off-the-shelf attacks and exploits, are just not going to be effective. Success requires an advanced attack, as by definition they are protected against any common approach that would normally be conducted. A penetration test over a two-to-three week period of time does not adequately allow for this to occur. On the other hand, the cost of conducting a multi-month focused assessment isn’t part of many organizations budgets. This is where Offensive Security shines.
As it turns out, these sorts of hardened environments are what we love to work in. A job that requires us to stretch and find new attack methodologies is what we are looking for, and we have been lucky enough to find ourselves in this situation many times. Because of this, we have been able to build a cost effective vulnerability assessment test for these environments that may be right for you.
An Evolving Penetration Testing Methodology
Advanced Attack Simulation Process
A real attacker is not subject to an artificial time limitation when it comes to building an effective assault against your organization. Obviously an unlimited timetable is not something that is realistic as a service, but we have found effective methods of shortcutting this process.
It’s a given that custom attacks are required in this sort of protected environment, and the most important ingredient for building a custom attack is information. Paying an assessment team to collect information that you are already in possession of is neither efficient nor cost effective. We bypass this by sitting down with your team and have you teach us about your company and systems. As you are the most knowledgeable party on the subject, we depend on your expertise to walk us through your environment in an interactive manner.
This process alone can save you months of effort and cost.
Using the information that we are provided, we go back to our labs to create a simulation of the target environment, modeling potential attack points that we have identified. We spend a period of time developing custom attacks that are modeled to be specific against your organization. The unique combination of software in use and the work-flow that is put in place always creates targets of opportunity that are overlooked or not practical to attack using traditional methods.
After we have a series of attacks constructed we start the active phase of the assessment. Here we put the new attacks to work, modifying them where needed based on differences encountered in the real world compared to the labs. At this point Offensive Security is able to actively simulate a determined attacker that has specifically targeted your organization in a manner that would not otherwise be possible without spending many months on the project.
Is an Advanced Attack Simulation right for you?
Why you should choose Offensive Security
The Advanced Attack Simulation is created for very specific environments. Your information security program and defenses have to be mature enough to justify this level of vulnerability assessment. However, if you are increasingly frustrated with finding an assessment team that can handle your environment this may be the perfect fit for you.
Simply stated, no other company can provide this level of ethical hacking service. Offensive Security has unique experience in a combination of areas from zero-day exploit discovery to hands on training of high security organizations. We are one of the most trusted names in the industry, responsible for maintaining the largest public archive of exploits available and the creators of the most widely utilized security focused Linux distribution available.