Adversary Simulation

Real-Time, Real Life Attacks

Your organization has probably built an impressive control set, but how do you validate which attacks you can detect and respond to? During adversary simulation, an AssureIT consultant will sit alongside your team, launching real but non-malicious attacks to support real-time monitoring of your controls and SIEM. Adversary simulations are always educational and can cover a wide variety of scenarios.

Fun fact: SynerComm has been using similar methods of testing and validation since we introduced our trademarked Rapid Hybrid Pentest (RHP) nearly a decade ago. Rather than focusing on finding vulnerabilities, our RHP was designed to validate the effectiveness of the controls that protect us from vulnerabilities. It also had the added benefit of training our clients to hunt through their logs to discover our attacks. We’ve evolved from testing specific exploits against known vulnerable software to more modern adversary simulations. Today we simulate everything from command and control, to privilege escalation, to lateral movement… and anything within the MITRE ATT&CK Framework.

Common adversary simulation (AdSim) scenarios could include:

  • Command-and-control (C2)
  • Advanced and covert data exfiltration
  • Simulating an internal workstation compromised through phishing
  • Web server or DMZ breach
  • Remote access or VPN breach
  • Malicious insider
  • Web application attack vectors
  • Lost or stolen device
  • Ransomware simulation

How does it work? Building on penetration testing, we simulate a known, sophisticated, and advanced adversary attack. The process models an attack scenario that very closely mirrors the tools, tactics, and procedures of the specific adversary. Many adversary simulations are scheduled onsite with our clients and performed over multiple days. As adversary tactics change, our playbooks change with them. The secret to winning the game is having worked the right playbooks!

Let’s be allies against the adversaries…

Move the Needle Immediately

Key Components of Adversary Simulation

Real-Time Validation

Adversary simulation is not your run-of-the-mill penetration test. In many ways, it resembles a very technical audit. This standardized and measured (scored) process quantitatively validates controls against known and unknown threats. As an added bonus, your security team gets trained on handling real-time events as they pass through networks and controls.

Command & Control

From initial compromise or command and control (C2), to an advanced golden ticket simulation, our playbooks help your security mature at your pace. Regardless of where your security organization is today, we have a plan to help you improve tomorrow.

Offensive & Defensive

Playing both sides of the field has its advantages. Each phase of the simulation has an offensive and defensive component. This provides an opportunity to validate the effectiveness of your controls, as well as an opportunity to tune and improve their capabilities.

SIEM Optimization

Too often, SIEM systems are not properly configured or tuned to provide useful information. For SIEM to be effective, it must first collect the right information, then filter out noise while looking for suspicious activity, and then alert on real security events. How do you know that your SIEM is working for you?

SynerComm’s “Plan. Do. Check. Act.” Model

We follow a “Plan. Do. Check. Act.” cycle that ensures controls are implemented and tested throughout the process. It’s an ideal way to make immediate progress towards your goals. This real-time model seeks to answer:

  • Have I thought through the possible access points that are causing vulnerabilities?
  • Do I have the right logs tracking events on my network?
  • Once implemented, have rules and triggers been properly tested for effectiveness?
  • Once an intrusion is detected, do I understand the course of action?

Success is not simulated, it is achieved. Contact us today.