Attack Simulations
Train as you fight!
All theory is grey: are you prepared for a real attack?
Unlike a penetration test, the focus of our attack simulations is not exclusively on technical measures, but primarily on the processes for incident and emergency management as well as detection (attack recognition, analysis of sensor technology) and response.
Of course, security vulnerabilities are also sought and, if necessary, exploited. However, the focus is on how the IT organisation deals with extreme situations and attacks.
We distinguish between Red Teaming and Assumed Breach Simulations in our attack simulations.
Red Teaming
Red teamings do not necessarily uncover all technical weaknesses in the company, but are aimed at fulfilling a previously defined mission. This can be, for example, the leaking of certain company secrets or the paralysis of a specific business unit.
From our point of view, such a measure is most efficient if everything has already been done in advance to optimally protect your IT organisation. Red teaming is therefore a complementary building block. It is essentially about teaching you and your team what a real attack looks like and enabling your team to withstand this attack in the best possible way.
Assume Breach
In our Assume Breach procedure, we simulate the misbehaviour of employees or the exploitation of an existing vulnerability in the external infrastructure. We act like an attacker who gains initial access to the company systems through a phishing mail or a vulnerability and then spreads further.
This allows us to analyse how the defence mechanisms in place detect the attack and react to stop it. Do the procedures work and are effective immediate measures taken? We'll find out!
When does an attack simulation make sense for my company?
- You have laid the theoretical foundations.
- You want to know how a real cyberattack will affect your systems.
- You want to find out whether your defence mechanisms are effective.
- You want to see if you can recognise attacks before it's too late.
Our attack simulations
Red Teaming
Does your company recognise and survive a real cyber attack?
Confidence to act in an emergency! That is the aim of a Red Teaming. We act like real attackers and attack your company. Without compromise.
Assume Breach
Are you confident when the attackers are already in the network?
Whether internal attacks, zero-day exploits or phishing attacks: there are many ways for attackers to penetrate the internal network. Do your security mechanisms recognise lateral movement and are you able to act appropriately?
CASMART
Continuous Attack Surface Monitoring and Red Teaming
A clear picture of the current threat situation, coupled with targeted red teaming operations - that's what CASMART offers. With a regular contingent of deployment days and continuous monitoring of the threat situation, you are one step ahead of attackers!
Sensory test
Does your SOC deliver what it promises?
A sensory test offers you the opportunity to check and specifically improve the effectiveness and efficiency of your safety systems and processes.
The colleagues at Laokoon were on hand to answer any questions we had and provided uncomplicated support.
Team Leader Development