Your organization has probably built an impressive control set, but how do you validate which attacks you can detect and respond to? During an adversary simulation, an AssureIT consultant will sit alongside your team and launch real but non-malicious attacks, supporting real-time monitoring of your controls and SIEM. Adversary simulations are always educational and can cover a wide variety of scenarios.
Common adversary simulation (AdSim) scenarios could include:
- Command-and-control (C2)
- Advanced and covert data exfiltration
- Simulating an internal workstation compromised through phishing
- Web server or DMZ breach
- Remote access or VPN breach
- Malicious insider
- Web application attack vectors
- Lost or stolen device
- Ransomware simulation
How does it work? Building on penetration testing, we simulate a known, sophisticated, and advanced adversary attack. The process models an attack scenario that very closely mirrors the tools, tactics, and procedures of the specific adversary. Many adversary simulations are scheduled onsite with our clients and performed over multiple days. As adversary tactics change, our playbooks change with them. The secret to winning the game is having worked the right playbooks!
Let’s be allies against the adversaries…
We follow a “Plan. Do. Check. Act.” cycle that ensures controls are implemented and tested throughout the process. It’s an ideal way to make immediate progress towards your goals. This real-time model seeks to answer:
- Have I thought through the possible access points that create vulnerabilities?
- Do I have the right logs tracking events on my network?
- Once implemented, have rules and triggers been properly tested for effectiveness?
- Once an intrusion is detected, do I understand the course of action?