Category Archives: Vulnerability Management

More on Persistent Penetration Testing from MSI

Posted on by
11

MicroSolved has been offering Persistent Penetration Testing (PPT) to select clients now for a couple of years. We have been testing and refining our processes to make sure we had a scalable, value driven, process to offer our full client base. We have decided to open the PPT program up to another round of clients, effective immediately. We will be open to adding three additional clients to the PPT group. In order to qualify, your organization must have an appetite for these services and meet the criteria below:

The services:

  • MSI will actively emulate a focused team of attackers for either a 6 or 12  month period, depending on complexity, pricing and goals
  • During that time, MSI will actively and passively target your organization seeking to reach a desired and negotiated set of goals (usually fraud or theft of IP related data, deeper than traditional pen testing)
  • Full spectrum attacks will be expressed against your organization’s defenses in red team mode, across the time window 
  • Once an initial compromise occurs and the appropriate data has been identified and targeted, we will switch to table top exercises with the appropriate team members to discuss exploitation and exfiltration, prior to action
  • If, and only if, your organization approves and desires, then exploitation and exfiltration will occur (note that this can be pivoted from real world systems to test/QA environments at this point)
  • Reporting and socialization of the findings occurs, along with mitigation strategies, awareness training and executive level briefings
  • The process then repeats, as desired, through the terms and sets of goals

The criteria for qualification; Your organization must:

  • Have full executive support for the initiative, all the way to the C-level and/or Board of Directors
  • Have a mature detection and egress process in place (otherwise, the test will simply identify the needs for these components)
  • Have the will to emulate real world threat activity without applying compliance-based thinking and other unnatural restraints to the process
  • Have a capable security team for MSI to work with that has the capability to interface with the targeted lines of business in a rapid, rational and safe manner
  • If desired, have the capability to construct testing/QA platforms and networks to model real world deployments in a rapid and accurate fashion (requires rapid VM capability)
  • Be open to engaging in an exercise with an emulated aggressive adversary to establish real world risk and threat profiles
  • Be located in the US (sorry, we are not currently accepting non-US organizations for this service at this point)

If your organization meets these requirements and you are interested in discussing PPT services, please drop me a line (Twitter: @lbhuston), or via email at Info at microsolved dot com. You can also reach me via phone at (614) 351-1237 x 201.

June’s Touchdown Task: EVA Coverage Check

Posted on by
3

The touchdown task for June is to perform a quick and dirty check of your ongoing external vulnerability assessment. By now, you should have your Internet facing systems assessed each month, with weekly or daily checks applied to critical systems. If you aren’t having your systems assessed for vulnerabilities in an ongoing manner, get that process started. MSI can assist you with this, of course. 

But, the task for June is to check and make sure that ALL of your public Internet facing systems, interfaces and devices are being assessed. Sometimes new systems might get added to the public IP space without making it into your assessment plan. Take an hour and check to make sure all the devices you know of are covered by the assessment. Do some quick ping/port scanning to make sure you are getting coverage and nothing has snuck in that is being missed. Give your assessment process a quick review and make sure that it is running on the proper IP spaces or lists and that the reports are as you expect.

Until next month, stay safe out there!