SOLOMON BARNES CONSULTANCY
Red Team Exercises
HomeDomain AssessmentsCustomised AnalysesWorkshopsStrategy ConsultingTechnology ConsultingScenario BuildingEnterprise RiskSecurity RiskRed Team Exercises

Modelling Threats > Analysing Vulnerabilities > Exercising Responses = Risk-Informed Decision-Taking with Security Art
Using a threat-modelled security risk framework, we go beyond traditional security exercise expectations

 

Red-Team Testing for Converged Security Risk

When approaching a converged security risk a different kind of mindset is needed. Our red-team testing for businesses encapsulates this kind of attitude, as it takes into account all the aspects of the business' operating environment. Our approach is to challenge all physical and  system layers of the business operation.

From education, through design and testing, and up to full-scope pen-testing engagements, our unique propositions can utilise custom-built tools to simulate a persistent attacker, as well as other attack and exfiltration tactics.

webassets/RedTeamticks.jpg

A Seasoned Team of Specialists in Red-team Engagements

Our red-team engagements provide our clients with a real-world risk scenario, and shows how their security control and monitoring systems cope with the individual threats. Exercises are designed collaboratively to meet your specific objectives, and conducted in phases to test reaction in each phase.

When running a red-team test, we focus on the often neglected aspects of a traditional security assessment such as intelligence gathering, profiling, process analysis, 3rd party suppliers, physical security, employee awareness and general social engineering, and of course the actual technical ability to infiltrate into your information assets, the ability to perform a clean exfiltration and/or modify your data.

An often-deployed part of our service is the simulation of a real-world threat, which includes building custom malware, software and data analysis tools.

Post-exercise review, in a workshop setting, enables client teams to explore the findings of the exercise, derive conclusions & priorities, and build consensus around a risk register and security risk strategy.

Modelling Security Risk

With our partners we offer an integral methodology for creating and maintaining a threat-modelled risk framework. This is leveraged by our specialists in preparation for exercises, and can be integrated as part of the post-exercise follow-up, to establish best practices and awareness among client teams.

Moving from Intelligence Gathering, to Mapping assets & processes to establish vulberabilities, and then to the modelling of threat and risk, the framework is central to enabling decision-taking for security related issues for organizations. Accurate threat modelling, quantifiable asset valuations, and ‘what if' scenarios that consider both the deterrence factors of a security measure or process, as well as their potential cost and impact to the organisation.

The methodology takes a current static view and then develops a continuous practice in evaluating the current posture based on past experiences, up‐to‐date intelligence feeds, recognition of trends, and a valuation of the organizational assets (tangible and intangible) along with their transient value (i.e. marketing/reputation/legal implications of it on top of the actual base value).

click here to download more info about threat-modelled risk framework and risk diagnostics


Copyright©2010/11 The Solomon Barnes Consultancy