Retest performs security scanning

With Ongoing Assume Breach, we test that your security responds as expected

Are you facing NIS2 or have you recently allocated large parts of your budget to Detection (SOC/SIEM or XDR/MDR)? Then Ongoing Assume Breach is relevant.

Detection solutions can be effective, but they are also a black box – no one really knows what happens in there or whether they always work as intended. That's why many decision-makers are looking for a way to ensure, on an ongoing and cost-effective basis, that they are getting the security they have invested in.

Ongoing Assume Breach provides an up-to-date picture of:

  • Your resilience to real attacks of different severity levels
  • Whether your monitoring captures the use cases you expect
  • Your NIS2 compliance
  • How well the emergency response works
  • What consequences a given attack scenario is likely to have
  • Continuous improvement and optimization of cyber defense and security controls

How Ongoing Assume Breach works

An Assume Breach test is a comprehensive security test based on realistic scenarios, for example that an employee's machine has been compromised with malware.

With an Ongoing Assume Breach service, your cyber defense will be continuously tested and optimized.

Various tests are carried out throughout the year without your MDR/SOC supplier being notified. Thus, both your installation and emergency response are pressure tested continuously.

The attacks we perform should be detected. If not, your solution is strengthened with information from the attack, so you catch it the next time a similar attack occurs.

Goal
In each test, our consultants try to acquire as many rights and as much information as possible. In addition to governance, we aim to improve your MDR/SOC capabilities and cyber defense through open dialogue.

Requirements for setup
A client or service that we can use must be made available. This could be via VPN, Citrix or similar. We need a fresh client or server at the beginning of each quarter. This is agreed at the quarterly reporting meetings. Sometimes we also carry out attacks from the outside without having acquired access first.

Frequency
We conduct test cases once or several times a quarter, where we try to bypass your security measures with the latest attack methods and tools. It is an advantage that as few people as possible know exactly when we perform tests.

Why is the annual pentest not enough?

With our Ongoing Assume Breach tests, this type of test will be performed continuously throughout the year without notifying your MDR/SOC supplier. This way, both your installation and your preparedness are pressure tested continuously. The attacks we perform should be detected. If not, your solution will be strengthened with information from the attack so you catch it the next time a similar attack occurs.

Different attacks from across the threat spectrum

Attack scenarios are continuously selected by our pentesters. But you can also ask us to test specific attack scenarios that you have worked hard to resist. A mix of your cases and the consultant’s knowledge of the latest attack methods is a good way forward.

We carry out attacks of different levels of severity – from low-noise to advanced attacks. This way, we get a good overview of the value you get out of your cyber defense. Unfortunately, it turns out that it can be simple things that don’t get caught, even if you expect to be at a high maturity level.

Our consultants maintain the right level of knowledge about the threat landscape and attack methods. They stay up-to-date on new attack techniques through courses, certifications and conferences, after which we test attacks ourselves in our lab.

Certifications give consultants a good foundation, but the threat landscape and new tools evolve very quickly. That's why networks, CTFs, Twitter, blog posts, podcasts, etc. are vital tools to keep consultants up-to-date.

Reporting

Every quarter, a report is produced that includes recommendations to better optimize your systems and a time-stamped list of the attacks we have performed. This can be used to check how your MDR/SIEM has responded to the incidents.

As an Assume Breach test is inherently dynamic and can evolve in different directions, the consultant continuously assesses which attack methods to deploy, in which version and in which sequence. The report includes MITRE descriptions and time-stamps of all attacks.

Quarterly workshops

The different attacks are reviewed with you every quarter. It can be a good idea to involve people from your SOC or the people who work with your MDR, both internal resources and subcontractors.

Here we discuss the levels of attack in terms of severity and probability. Both successful and unsuccessful attacks are discussed, with a view to how your security controls can be made stronger.

Get in touch with us below to receive a dummy report.

Contact us

Phone number

+45 77 41 44 14

Address

Hørkær 26
2730 Herlev, Denmark