Proactive Offensive Security
What is Offensive Security (a.k.a. Penetration Testing)?
The primary difference between a Red Team specialist and a malicious adversary is the result of their efforts. A malicious adversary might compromise a facility to gain system access to steal data, gain competitive secrets, or otherwise cause damage to the focus of their attack. A Red Team specialist will use the same techniques and methodologies, with legal permission, to penetrate the same target but with different goals in mind:
Testing security controls to check for vulnerabilities that need remediating.
Demonstrating shortcomings in security or policies that need to be addressed.
Enhancing security monitoring and alerts to enable proper and timely response.
Improving the company’s overall security posture against potential threats.
Identifying security areas for additional training of contractors, employees, and physicians.
Meeting regulatory requirements.
Providing proactive architectural consulting on ideas and initiatives to ensure security is considered / baked-in up front.
Identifying areas of concern with newly acquired entities and collaborating with the proper colleagues to remediate them, so that the new entity meets Company Standards and Policies.
Analyzing known threats to simulate a specific, non-threatening test in your environment, without the adverse effects of an attack, to protect against threat actors.
Penetration Test Service Levels
Penetration testing provides a way for a business to test the security controls protecting their environment and data.
Network Penetration Test - The Network Penetration Test identifies exploitable vulnerabilities or insufficient security controls in your network that may result in access to your environment. Periodic penetration tests also ensure your monitoring team is receiving adequate alert levels.
Physical Penetration Test – The Physical Penetration Test is performed as a malicious, limited and/or uncredentialed user to simulate an attacker with little or no prior knowledge of the physical security environment.
Application / Solution Focused Penetration Test (AFPT) - The Application Penetration Test looks at user interfaces, application programming interfaces (APIs), and any systems making up the solution, with a focus on identifying exploitable vulnerabilities so that they may be remediated. AFPT can be performed on internally developed applications or, with proper legal agreements in place, on vendor solutions used by your company.
Web Applications (SaaS) Penetration Test – A comprehensive security assessment conducted to evaluate the vulnerability of web-based software solutions offered as a service (SaaS). This type of test aims to identify and exploit potential weaknesses within the application, including vulnerabilities in code, configuration settings, authentication mechanisms, and access controls. By simulating real-world attack scenarios, such as SQL injection or cross-site scripting, the penetration test helps uncover security gaps that could be exploited by malicious actors, ultimately allowing organizations to strengthen their defenses and protect sensitive data from unauthorized access or manipulation.
Purple Team Exercises – With years of team knowledge and experience from field exercises, federal emergency management exercises, cyber exercises and simulations, and tabletop exercises, along with the ability to deweaponize known threats, we’ll work with your team to scope and design test scenarios that provide a very targeted set of testing based on Purple Team requirements, to ensure known attack vector signatures are being caught and acted upon by your cyber defense center.
“We already perform regular assessments, why is a penetration test needed?”
Offensive Security, also known as “red team”, “red teaming”, “ethical hacking”, “penetration testing”, or “white hats”, is a kind of security, encompassing both physical and cyber, that aggressively tries to use surreptitious techniques to gain access to facilities, systems, applications, and equipment/devices to exploit vulnerabilities in security controls and policies.
A vulnerability assessment intends to help identify physical and nonphysical weaknesses in security and policies. The technique is used to estimate how susceptible the company is to different vulnerabilities. A vulnerability assessment includes the use of automated security scanning tools whose results are listed in the report. As findings reflected in a vulnerability assessment report are not backed by an attempt to exploit them, some of them may be false positives.
A solid vulnerability assessment report should contain the title, the description, the severity (high, medium or low), related policies/standards reference, and an option for remediating each vulnerability uncovered.
The purpose of penetration testing is to determine whether a detected vulnerability is genuine. If a pentester manages to exploit a vulnerability, it is considered genuine. The report can also show unexploitable vulnerabilities as theoretical findings. Don’t confuse these theoretical findings with false positives. Theoretical vulnerabilities still threaten security, but it’s a bad idea to exploit them during a test, as doing so may lead to unintended actual harm to the business, facility, or persons, which may be the intent of an unscrupulous threat actor.
A reputable provider of penetration testing services will use automated tools sparingly and usually as a starting point. Practice shows that comprehensive penetration testing should be mostly manual.
During the exploitation stage, a pentester tries to gain unauthorized access to facilities and systems and then exfiltrate data or otherwise simulate a malicious actor, thus proving the vulnerability as a valid threat.