REDSOC RECON & ATTACK

GET READY TO FACE THE ADVERSARY
Overview

Security testing from an attacker perspective

Most organisations find it challenging to identify and address vulnerabilities as their IT environment continues to grow and evolve. These risks can be identified and mitigated through a combination of qualified scanning activities and manual testing performed by experienced RedTeam testers who reconnoitre the environment and act as a real-life attacker would.

Cyber threats continue to evolve, and cloud and on-premises environments grow through the adoption of new and varied technologies. Continuous development and delivery results in frequent deployment of new applications, code and infrastructure, which can make a yearly penetration test or application test obsolete within a couple of weeks. This makes it challenging to keep up with attackers who continuously search for new attack surfaces.

As attackers tend to target the lowest-hanging fruit, that is, vulnerabilities that are easy to find and exploit, these need to be identified and mitigated quickly to protect critical assets and confidential information.

The Solution – Adopt the same approach as a real-life attacker

Usually, an attacker maps the organization’s IT environment using various scanning tools in order to find security vulnerabilities that can be exploited. As the organization’s attack surface is constantly shifting, security tests cannot be one-off activities. Instead, the tests need to be performed continuously, matching the way applications and infrastructure are managed and updated. Consequently, the best way to identify and mitigate these vulnerabilities is to use the same approach as a real attacker.

Sentor offers the service RedSOC Recon and Attack, a combination of managed port and vulnerability scans and manual tests performed by experienced pentesters. All activities are performed remotely from Sentor’s RedSOC, which is the offensive part of Sentor’s SOC operations.

Service levels

Sentor’s offer consists of three service levels: RedSOC Recon 1, RedSOC Recon 2 and RedSOC Attack. Each level can be delivered separately, but we recommend incorporating all three to get the highest value from the service. The model is inclusive in the sense that each higher service level incorporates the level below it, so buying RedSOC Attack includes Recon 1 and Recon 2 in the delivery.


RedSOC Recon 1

We perform external and/or internal port scans. External scans identify IP addresses with ports that are reachable from the internet and might be targets of external attacks; both scan types also reveal unknown assets and services as well as changes in the environment. Internal port scans are performed using Sentor’s service infrastructure placed in the customer’s internal environment, ensuring secure communication and access.

Key advantages

  • Detection of unauthorized changes and a better understanding of exposure
  • Detection of unknown resources connected to corporate networks
  • Updated information on exposed IP addresses and ports
  • Delta reporting when a new IP/port is exposed or decommissioned
  • Resolved hostnames/FQDNs when available, for easier identification
  • Identification of the service running on each detected port, which lowers the false positive rate
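The delta reporting described above, as an added example that is not Sentor's code: two port-scan snapshots are compared and every newly exposed, decommissioned or service-changed port is reported, using the resolved hostname for identification when one is available. The snapshot format ("ip port/proto service [hostname]", one record per line) and all addresses and hostnames are constructed for this example; in practice the records would come from a scanner's machine-readable output (for instance nmap's -oG grepable format).

```python
"""Report exposure changes between two port-scan snapshots.

Added example, not Sentor's code. The snapshot format used here
("ip port/proto service [hostname]", one record per line, '#' comments)
and all addresses/hostnames are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Key = Tuple[str, int, str]  # (ip, port, proto) identifies one exposure


@dataclass(frozen=True)
class Exposure:
    ip: str
    port: int
    proto: str
    service: str   # service identified on the port, or "unknown"
    hostname: str  # resolved FQDN when available, else ""


def parse_snapshot(text: str) -> Dict[Key, Exposure]:
    """Parse snapshot lines into a dict keyed by (ip, port, proto)."""
    snapshot: Dict[Key, Exposure] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"malformed record: {raw!r}")
        ip, port_proto, service = parts[0], parts[1], parts[2]
        hostname = parts[3] if len(parts) > 3 else ""
        port_s, proto = port_proto.split("/", 1)
        port = int(port_s)
        if not 0 < port < 65536 or proto not in ("tcp", "udp"):
            raise ValueError(f"bad port/proto in record: {raw!r}")
        snapshot[(ip, port, proto)] = Exposure(ip, port, proto, service, hostname)
    return snapshot


def exposure_delta(baseline: Dict[Key, Exposure],
                   current: Dict[Key, Exposure]) -> Dict[str, List[Key]]:
    """Classify keys as newly exposed, decommissioned, or service-changed."""
    return {
        "new": sorted(k for k in current if k not in baseline),
        "decommissioned": sorted(k for k in baseline if k not in current),
        "service_changed": sorted(
            k for k in current
            if k in baseline and current[k].service != baseline[k].service
        ),
    }


def _label(e: Exposure) -> str:
    """Prefer the resolved hostname for identification, fall back to the IP."""
    return f"{e.hostname} ({e.ip})" if e.hostname else e.ip


def report(baseline_text: str, current_text: str) -> List[str]:
    """Human-readable delta lines, one per change."""
    baseline = parse_snapshot(baseline_text)
    current = parse_snapshot(current_text)
    delta = exposure_delta(baseline, current)
    lines: List[str] = []
    for k in delta["new"]:
        e = current[k]
        lines.append(f"NEW      {_label(e)} {e.port}/{e.proto} {e.service}")
    for k in delta["decommissioned"]:
        e = baseline[k]
        lines.append(f"GONE     {_label(e)} {e.port}/{e.proto} {e.service}")
    for k in delta["service_changed"]:
        old, new = baseline[k], current[k]
        lines.append(f"CHANGED  {_label(new)} {new.port}/{new.proto} "
                     f"{old.service} -> {new.service}")
    return lines


# Constructed snapshots (RFC 5737 documentation addresses, made-up hostnames).
BASELINE = """
203.0.113.10 443/tcp  https  www.example.com
203.0.113.10 22/tcp   ssh    www.example.com
203.0.113.20 25/tcp   smtp   mail.example.com
"""
CURRENT = """
203.0.113.10 443/tcp  http   www.example.com      # TLS no longer identified on 443
203.0.113.10 8080/tcp http-proxy www.example.com  # newly exposed port
203.0.113.20 25/tcp   smtp   mail.example.com
203.0.113.30 3389/tcp ms-wbt-server               # unknown asset, no FQDN resolved
"""

if __name__ == "__main__":
    for line in report(BASELINE, CURRENT):
        print(line)
```

The delta is keyed on (ip, port, proto) rather than on hostname, so a host whose reverse DNS changes is not mistaken for a new exposure, while a change in the identified service on an unchanged port (here 443 going from https to plain http) is still surfaced. A port reported as reachable is reachable from the scanner's vantage point; an external scan and an internal scan of the same address will legitimately differ.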

RedSOC Recon 2

We conduct internal and/or external vulnerability scans using industry-leading vulnerability scanning solutions updated with the latest vulnerability signatures and fine-tuned by Senior Penetration Testers in our RedTeam. Top findings are validated manually by experienced testers before being reported to customers as tickets in Sentor’s Customer Portal. Internal vulnerability scans are delivered using our Service Delivery Platform.

Key advantages

  • Includes the RedSOC Recon 1 delivery
  • Track and manage vulnerabilities. Current information on vulnerabilities in your infrastructure and applications, together with historical data, so that changes and fixes can be followed over time and the effectiveness of patch and vulnerability management in the organisation can be measured.
  • Integrated in your processes with expert support. A workflow/Incident Response Plan (IRP) that Sentor SOC will use to integrate the finding and fixing of vulnerabilities into the customer’s standard operations, with the SOC as a partner to query and escalate to when needed.
  • Continuous scanning with high coverage. As the infrastructure and applications change over time, the customer can rest assured that Sentor will test everything continuously, without additional planning or purchasing of services.
  • Ad-hoc scanning when you need it. Targeted tests can be requested on short notice, without extensive planning and overhead costs.
  • Cost control. A fixed, forecastable cost for vulnerability scanning that can be budgeted and managed.
  • A security partner, not a product. A partner with a strong track record in security testing, a large knowledge base and many experts in different areas of security testing.

RedSOC Attack

RedSOC Attack is a managed service in which our RedTeam testers act as a real attacker. They combine information from the automated scans with their extensive experience in order to find the easiest way in to an organization’s infrastructure, applications and data. The service runs continuously, and findings are reported to the customer as they are discovered and validated.

By acting as an attacker, Sentor can provide the customer with an in-depth understanding of their security posture, weak links and exploitable architectural problems. This includes lateral movement, alternative access paths to critical data, and possibilities to compromise central assets such as Active Directory or critical applications. The scope can be defined for a specific purpose, or Sentor can be given a free hand to identify the attack vectors to test. For RedSOC Attack, a quarterly workshop with the customer is included to discuss the client’s underlying security challenges.

Key advantages

  • Includes the Recon 1 (port scanning) and Recon 2 (vulnerability scanning) services
  • Continuous penetration testing, both internal and external, identifying actual security problems that can compromise infrastructure, applications and data
  • A holistic approach to testing, where the weakest links can be identified instead of a fixed scope in which other weaknesses have to be ignored because they are out of scope
  • Relevant examples of how the environment can be compromised, not only possible vectors and vulnerabilities
  • Comprehensive advice on how to mitigate validated and tested attack vectors


Security Operations Center

Sentor’s managed SOC services are divided into two types: BlueSOC services and RedSOC services. BlueSOC services are defensive by nature and aim to maintain internal defence by detecting and responding to cyber threats. Sentor’s RedSOC services are offensive and aim to continuously identify and address deficiencies in the customer’s security posture, both technical vulnerabilities and more structural weaknesses.
