Train as you fight!

Attack simulation

All theory is grey: are you prepared for a real attack?

Unlike a penetration test, the focus of our attack simulations is not exclusively on technical measures, but primarily on the processes for incident and emergency management as well as detection (attack recognition, analysis of sensor technology) and response.

Of course, security vulnerabilities are also sought and, if necessary, exploited. However, the focus is on how the IT organisation deals with extreme situations and attacks.

We distinguish between Red Teaming and Assumed Breach Simulations in our attack simulations.

Red Teaming

Red teamings do not necessarily uncover all technical weaknesses in the company, but are aimed at fulfilling a predetermined task. This can be, for example, the leaking of certain company secrets or the paralysis of a specific business unit.

From our point of view, such a measure is most efficient if everything has already been done in advance to optimally protect your IT organisation. Red teaming is therefore a complementary component. It is essentially about teaching you and your team what a real attack looks like and enabling your team to withstand this attack in the best possible way.

Assume Breach

In our Assume Breach procedure, we simulate the misbehaviour of employees or the exploitation of an existing vulnerability in the external infrastructure. We act like an attacker who gains initial access to the company systems through a phishing mail or a vulnerability and then spreads further.

This enables us to analyse how the defence mechanisms in place detect the attack and react to stop it. Do the procedures work and are effective immediate measures taken? We find out!

Our attack simulations