A Penetration Test, often called “red teaming” or a “red team exercise”, is the practice of simulating as closely as possible the effect that cyberthreats could have on your business. It is a simulation of a real-world attack on targeted assets using the same tools and techniques that modern criminals use. This is done by understanding who your threats are, their capabilities, motivations and targets, and “hacking” your systems the way they can.
Red Teaming
Types of Testing
Internal / External Test
An Internal and External Network Penetration Test seeks to identify vulnerabilities in resources accessible on the Client’s internal and external networks.
Application Test
Application Penetration Testing is a type of ethical hacking engagement designed to assess the architecture, design and configuration of web applications.
Perimeter Test
A Perimeter Penetration Test seeks to identify technical vulnerabilities in host systems in a perimeter, hosted environment, or DMZ.
Scenario Based Test
Simulation of a specific threat or threat sources
Advanced Persistent Test
An extension of a Scenario-Based Test over a prolonged period
Internal Network Penetration Test
An internal network penetration test seeks to identify vulnerabilities in resources accessible on the Client’s private internal networks by mimicking the methods used by real-world attackers. Penetration tests use both automated tools and manual investigation to identify exploitable vulnerabilities and leverage privileges to access and move between sensitive and critical internal resources.
- Identify internal vulnerabilities and threats
- Test your controls against those vulnerabilities and threats
- Define cybercriminals' motivation, capabilities and targets
- Identify current security breaches on your network
- Satisfy regulatory, insurance and vendor compliance requirements
External Network Penetration Test
An external network penetration test seeks to gain access to sensitive data and systems in publicly accessible Internet resources by mimicking the methods used by real-world attackers. Penetration tests use both automated tools and manual investigation to identify any exploitable vulnerabilities and leverage privileges to access sensitive and critical internal resources.
- Identify external vulnerabilities and threats
- Test your controls against those vulnerabilities and threats
- Define cybercriminals' motivation, capabilities and targets
- Identify current exploits and target paths
- Satisfy regulatory, insurance and vendor compliance requirements
Application Penetration Test
Application Penetration Testing is a type of ethical hacking engagement designed to assess the architecture, design and configuration of web applications. Testing is conducted to identify cybersecurity risks that could lead to unauthorized access, misconfigurations, and/or data exposure.
Application Penetration Testing specifically targets Web Applications in a client’s environment. HarborShield Security offers this testing in two different ways:
- One-time test performed annually
– or –
- Proactive continuous testing throughout a specific time period
During these tests we will uncover deficiencies, misconfigurations and vulnerabilities in the web application environment. This process includes a remediation path and technology road mapping.
Scenario Based Penetration Test
A scenario-based penetration test is a customized, real-world red team attack that tests against specific processes, tools, policies or regulatory commitments. During the test, our analyst will utilize current threat actor tactics against specified internal and external corporate defenses. The outcome of this test will allow your organization to remediate and document against real-time threats.
- Scenario-based testing is a specialized form of red-teaming or offensive security
- Designed to benchmark the performance of cyber security controls against specific adversarial tactics and behaviors
- Helps with identifying specific gaps for your internal and external environment(s)
- Tailored remediation based on specific and pointed objectives/results
- Allows a documented, real-time perspective of the current tactics that cybercriminals are using
Advanced Persistent Penetration Test
An Advanced Persistent Penetration Test is a key element of an organization's proactive managed security program. This testing allows documentation of continuous progress against current and active security threats in your environment. This form of proactive security allows your organization to not only document threats but also mitigate them.
- Develops a cadence for documented security findings
- Allows holistic visibility into all technical components of your environment
- Helps with identifying persistent internal and external threats
- Interactive activities allow your internal IT team to understand offensive tactics
Perimeter Penetration Test
A Perimeter Penetration Test seeks to identify technical vulnerabilities in host systems in a perimeter, hosted environment, or DMZ. An iterative methodology is utilized to identify vulnerabilities beyond those found by automated vulnerability scanners.
HarborShield Security will perform the following:
- Receive target IP address and VHost information
- Perform port scanning and service enumeration
- External Vulnerability Scan (unauthenticated) of Internet accessible systems
- Identify web applications and web assets accessible via the Internet
- Enumerate web specific vulnerabilities and configuration errors
- Exploit selected (and approved by client) vulnerabilities to determine additional information useful to an attacker