Incident?Attack Simulation
Your ICT infrastructure is under attack. Let us be the first and only ones to succeed in this.
As a business owner, you face a wide range of challenges every day. One of them is maintaining the security of your company's assets. These assets exist not only physically but also increasingly in electronic form. Industrial espionage, cyberattacks, and targeted malware are just a few examples from a long list of risks. With our attack simulation, we comprehensively test the resilience of your organization to cyber attacks.
Selected references on the subject
Why Attack Simulation?
Proactive Simulation
Traditional security assessments such as penetration tests limit the scope and instead focus on the depth of the test. In a real attack, such boundaries are not observed. In our attack simulations, the traditional scope is also eliminated, allowing us to proactively play out realistic attack scenarios. This not only tests your infrastructure, but also your processes and your employees in all areas.
Worst-Case Scenarios
Our attack simulations are tailored to the specific requirements of your organization and your business processes. To identify realistic and context-specific worst-case scenarios, these are developed together with your internal specialists. Such scenarios must be developed individually for each company and can, for example, include access to research results, payroll data, or the impairment of industrial and control systems. This approach ensures that critical scenarios for your organization are considered within the scope of the attack simulation.
Relevant Risks
In an attack simulation, your company is exposed to real attacks, all of which aim to control the predefined worst-case scenarios. This gives you a clear idea of the current threat situation in your company. Our security experts provide you with concrete answers to the question of which areas need to be protected more strongly and where the existing protection is already sufficient from a risk perspective. Based on this, individual packages of measures can be defined and implemented. One way to identify your current risk areas in a measurable way without interfering with your infrastructure is provided by our Cyber Security Assessment.
Our Modules
External attack
Within a modern organization, it is often unavoidable that at least some IT systems are publicly accessible via the internet. This exposure makes the systems an interesting target for attack, as it allows sensitive data to be accessed directly and a first step towards the internal network to be taken. In this scenario, Redguard behaves like an external attacker trying to gain access to systems in your infrastructure that are accessible via the internet. Our security experts use both known and specifically tailored attack methods for your systems. If access is achieved, possible sensitive data is extracted and analyzed. Furthermore, attempts are made to penetrate into internal network areas.
Spear Phishing
This module mounts tailored phishing attacks on individual persons or groups. It involves an attempt to target the persons in a deliberately relevant context in order to encourage them to disclose sensitive information like customer data or login details or even to execute malware on their workstations. The findings of this module provide a clear impression of your current employee awareness and can be used furthermore as a basis for relevant training or evaluating technical measures. Last but not least, this external threat puts the perimeter security through its paces – and therewith also the responsible employees within your organization.
Malware Infection
All important data or information will at some point be processed or read by someone. Most commonly this will take place on the employees’ client devices. This means that in many cases, attackers will not have to penetrate central servers. Instead it is sufficient if they gain access to suitable client devices to obtain the data they seek. This scenario simulates infection of a client with malware as a means of accessing sensitive data. The next step is to place the device in your internal network and to manipulate it via the Internet using the command & control channel (C2). Additionally, we attempt to transfer sensitive data out of the company, which enables an assessment of the installed data loss prevention (DLP) systems and the defense mechanisms such as intrusion detection and prevention systems (IDS/IPS).
Social Engineering
Our company physically penetrates your business premises (without the use of force). In particular, this involves the use of social engineering. The underlying aim is to steal or least copy sensitive information in hard copy (e.g. documents), as well as to position technical eavesdropping devices. This module addresses a large number of issues: Firstly, the social engineering attack reviews the current awareness among your employees, while secondly assessing the internal security measures such as active security systems and other technical mechanisms.
Internal Attack
Placed on your internal network, we simulate an attacker who has gained access to your internal network. We uncover vulnerabilities and actively exploit them there. So-called exploits can be used, for example, or techniques such as the redirection of network traffic and technically supported social engineering (e.g. displaying false login masks). The aim of this scenario is to determine what an attacker can achieve once it has penetrated your internal network, for example, through malware. This scenario enables well-founded statements to be made about the security status of the internal network and simulates the potential damage that could be caused by a failure of the perimeter security.