War Games

WHAT ARE WAR GAMES

Laneden’s WAR GAMES service is comparable to PURPLE TEAMING. We utilise our in-depth cybersecurity knowledge in both defence (blue) and offence (red), bringing insight into the techniques and tactics used by malicious actors and how to mitigate them.

 

In our experience, businesses are deploying cybersecurity teams and building SOC (Security Operations Centre) environments to try to keep up with the ever-changing cybersecurity threat landscape.

These environments are traditionally home to what is known as a Blue Team. Their job is to defend the organisation from cyber-attacks and, in turn, protect the organisation, its employees, and its customers. This mammoth task is usually broken down into more defined categories of requirements such as deception, prevention, detection and response.


These teams specialise in technologies such as SIEM (Security Information and Event Management) and UBA (User Behaviour Analysis).

SIEM solutions tend to work on collated logs, with rules defining odd events chained together. Such a chain of events initiates an alert, and the team analyses the alert along with the logs to understand whether they are truly under attack or whether it is simply someone doing their day-to-day work.

These systems can be expected to process millions of logs a second and can cost considerable amounts of money. However, they are only as good as the correlated rules defined within them.

UBA systems are platforms which gather logs, but instead of collating them and relying on defined events or chains of events in the logs, they utilise neural networks to learn what log data is “normal” behaviour for each specific user account on your network.

The antithesis of the Blue Team is the offensive Red Team, who are tasked with identifying security concerns in organisations by means of real-life adversarial techniques, looking for any means to compromise systems, networks and people.

Laneden’s War Games look to bring these teams together in what’s known as Purple Teaming. Our experts can work closely with your team. Brandishing similar techniques to your adversaries, we can help your team understand what to expect and potentially highlight any visibility gaps you may have in your networks.

We make recommendations on how to prevent, detect and respond to potential real-world attacks which have been identified within your organisation and its networks.


An on-site debriefing of the findings, explaining how attackers could potentially gain control of your systems and/or exfiltrate data.

A comprehensive report is written containing an executive summary and is consumable by anyone in the organisation regardless of their technical background.

The report also includes enough detail to allow you to understand the attacks, along with concise and clear guidance on how to potentially prevent them, detect them and respond to them.

 
Methodology

Using a combination of automated and manual testing, our consultants will conduct a thorough assessment of your infrastructure, identifying vulnerabilities that may be exploitable by both authenticated and unauthenticated users across your network.

The use of automated tools and in-depth knowledge of manual testing allows us to accurately and effectively assess your infrastructure, maximising the time available.

Assessments are conducted in line with the current standards and methodologies utilised in the industry, such as those outlined in the Penetration Testing Execution Standard (PTES). Using PTES as guidance, Laneden defines our approach in six phases:

  • Pre-engagement
  • Intelligence Gathering
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting

 

Deliverables

Our consultants engage with the client to discuss the scope and make certain all is in order prior to the assessment beginning.

Communications at the beginning and end of each assessment day, confirming either the assessment is starting or ending for the day.

On-going communications from the engaged engineer, highlighting any major issues as they come across them.

A comprehensive report is provided containing an executive summary which gets right to the point of the associated risks and is consumable by anyone in the organisation regardless of their technical background.

Clear and concise information describing each issue at hand.

Technical references will be provided when relevant, allowing you to gather more information on the vulnerability if required.

Each vulnerability will be put into context and given a risk-based score. Utilising CVSS 3 scoring and relevant context, you can get a real picture of each associated risk.

Simple remediation advice, advising what is required to remediate the relevant vulnerability.

 

FREQUENTLY ASKED QUESTIONS

WHAT IS PURPLE TEAMING

Purple teaming is an approach whereby both the red and blue teams work closely together to maximise cyber defence and attack knowledge, bringing a new level of understanding and in turn enhancing your defence capabilities through knowledge transfer.