Answer these questions and more with our bespoke blended attack services |
The Issues: Why do I need Blended Attack Testing?
Criminal hacking is no longer a purely technical activity. As awareness of technical security issues and their countermeasures has improved, attackers are increasingly employing other methods to circumvent security controls - such as exploiting unsuspecting users. Thus, the approach of purchasing individual "silver bullet" solutions like firewalls, IDS and IPS must be replaced by an holistic view of security that embraces technology, physical controls and people too.
Staff awareness of social engineering is often particularly weak, leaving most organisations open to abuse both remotely and in person. Covert attacks such as key loggers and web cams are on the increase but most organisations have no way to detect them because users simply do not know what to look for.
So, in today's environments, people are the most important factor in securing your organisation. But how security aware are they? How do you test your "human firewall"?
The Solution: First Base Technologies' Social Engineering Team
Over the past fifteen years, our consultants have conducted numerous penetration tests for some of the largest organisations in the world. Our experience in simulating such attacks has led us to develop a unique approach that combines real-world criminal methods and tools that test the technical, physical and social aspects of your security - hence the term "blended attacks" - a service therefore that also tests the strength of your human firewall.
The reports we produce, which can be tailored to your requirements, will highlight the cultural and psychological areas of vulnerability and so provide a platform upon which to build a security awareness campaign that is fully tailored to your organisation. The results will also highlight key areas in which your policies could be refined, ensuring that your organisation really is as secure as possible.
And, we will also provide you with post-test discussions and meetings to assist you on your journey towards being able to answer "no" to the types of question posed at the top of this page.
The Services: So what can we offer?
Our Social Engineering Team can employ a variety of methods in a combination that you specify, such as:
| Identity theft | We impersonate an employee or trusted third party, such as a cleaner or contractor. We gain access to your premises and attempt to steal legitimate logon credentials, using snooping techniques and devices such as key loggers. |
| Phishing attacks | We craft e-mails that appear to come from within your organisation or trusted partners, in order to deceive your staff into divulging information. This may involve constructing a web site that mimics your legitimate site, or creating a Trojan program to gain access to their desktops. |
| Telephone calls | We can test your help desk security by attempting to persuade them to divulge information or reset remote access passwords. We can target employees to encourage them to divulge confidential or sensitive information. We may also use telephone social engineering to obtain background research for other types of attack. |
| Physical access | We attempt physical access to one or more of your sites to test your physical security. We impersonate an employee, delivery person or visiting engineer - using background research we forge name badges and wear appropriate clothing. We also try to gain access to secure areas such as comms rooms and executive areas. |
| Network access | Whilst on site, we attempt to connect to your network, perhaps in a meeting room or at a vacant desk. We conduct a network mapping exercise and also try to harvest sensitive or confidential information. |
Every test is carried out by one or more (depending on the scope) highly trained professionals. Their findings are reviewed by a senior technical member of staff and the final report, which can be in a format tailored to your requirements, is inspected by a partner before being sent to you.
Once you've received your report, we provide an in-depth discussion of our findings to ensure that the vulnerabilities and solutions are relevant and properly understood. We will also provide support and advice in the future.
We can also assist you in producing training and awareness campaigns. Please click here for more information.
Thus, at First Base Technologies, we pride ourselves in ensuring that we are with you every step of the way in attempting to secure your organisation from a social engineering attack.
| Want more information? |
|
