Collaborative Penetration Test

Skilled attackers often hide their tracks in plain sight by blending malicious activity with legitimate user activity. Of course all organizations want to improve their ability to identify threats, detect attacks, and improve overall security. The difficulty is often in the ability to find the “needle in the haystack” without knowing what the needle looks like. Silent Break Security’s unique Collaborative Penetration Test offering allows organizations to work hand-in-hand with our security experts to improve, assist, and educate on finding the malicious “needle in the haystack.”

The Collaborative Penetration Test is typically scoped as a follow up assessment to the custom, targeted Black Box Penetration Test. The specific areas targeted for collaborative testing depend upon the gaps identified in the Black Box Penetration Test. Typically, testing includes further hardening of several key areas likely to be leveraged in an actual attack. Several potential areas of focus are listed below and described in the sections following.

  • Proxy server and network perimeter hardening
  • Intrusion detection monitoring and alerting
  • Internal network security
  • End-user workstations

Proxy server and network perimeter hardening

Perimeter network security plays a critical role in ensuring attackers are unable to exfiltrate and/or control malware from outside the corporate network. Even worse, organizations usually get traditional Internal Penetration Tests, which by their nature completely bypass the proxy server and network perimeter, forgoing a critical opportunity to harden one of the most important areas of network security. Because of the critical role, Silent Break Security recommends a granular testing approach in hardening the perimeter, egress, authentication, and proxy.

Intrusion detection monitoring and alerting

Another critical piece to improving information security is ongoing intrusion detection, monitoring, and alerting. This is one of the most common areas where organizations are lacking in their defensive capabilities against attackers. Contrary to vendor sales pitches and promotion, IDS systems come preconfigured to catch only the most obvious attacks. In this portion of the Collaborative Penetration Test, Silent Break Security will work with you to test current IDS controls in your environment, identify gaps, and customize IDS and IPS systems to respond intelligently to behavioral trends, and not simply analyze traffic for signature based alerts.

Internal network security

Typically organizations focus their time, resources, and budget on upgrading and hardening their external network footprint. In years past this approach may have been sufficient. However, most current attacks bypass expensive firewalls and perimeter protections via a simple email. Once internal access is obtained escalating privileges and even obtaining domain administrator privileges can be trivial. To improve security internally and mitigate the risk associated with an internal workstation being compromised, the Collaborative Penetration Test focuses on simulating internal attacks in real-time to educate your security team on attack signatures and tactics. Knowing what the needle looks like is the first step to finding it in the haystack. That is the value of the collaborative approach.

End-user workstations

Most companies consider the external firewall the first layer of defense. However, with the change in threat landscape to spear phishing, spam, social engineering, and watering holes, end user workstations are now an organizations first layer of defense in preventing attacks. Understanding the attacks facing end users is one of Silent Break Security’s competitive advantages. The solution is not purchasing more tools, a better antivirus product, or implementing more training. Leveraging existing tools within the target environment, Silent Break Security analyzes potential threats for privilege escalation, attacker pivoting, and workstation vulnerabilities. Real attackers don’t need 0-days to pillage your network. Learn how to detect the attack and respond accordingly.