Red teaming and attack simulation
Outflank’s core service is red teaming and attack simulation. We apply realistic attacker techniques to your environment to prepare your organization for real incidents.
Outflank’s approach to red teaming is unique in the market. We don’t think of red teaming as a one-sided measure to prove that we can break into your organization without your defensive team noticing. We believe that red teaming should give you better insight into how well your organization is able to defend against attacks and in which aspects your IT security can be improved.
Our unique approach triggers not only your organization’s preventive security controls. To maximize the training effect for your security team, we also trigger detective and responsive controls. In other words, if we have hit blind spots in your defenses, we purposely trigger alarm mechanisms in order to give your security team the field training they need. At the end of the engagement we spend time detailing our attack: we align our attack timeline to your security team’s defensive timeline, focus on the mismatches and advise on how to improve.
Hence, Outflank’s unique approach not only gives you insight into your defense’s vulnerabilities, it also leaves your security much better prepared and trained for a real incident.
Since the beginning of the TIBER framework, we have been heavily involved in its development and improvement. We have contributed to the framework by developing testing guidelines and sharing our expert opinion during various meetings with central banks throughout Europe.
Outflank performs TIBER engagements in various corners of the financial sector (banking, insurance, pension services and payment providers), and does so on a regular basis.
Having delivered more than a dozen TIBER tests, we are one of the most experienced providers for this red teaming framework.
- Together with you and based on the latest threat intelligence, we identify relevant threat actors for your organization and determine the crown jewels that they may be interested in. These form the basis for our test objectives: the so-called red flags (e.g. customer information, R&D data or payment systems).
- Using the kill chain model we craft attack scenarios. With realistic attacker techniques such as malware and phishing, we execute our test scenarios and attempt to gain access to the red flags. We may also trigger detection rules on purpose in order to train the security team. Two trusted insiders within your organization are continuously aware of our actions, for safety purposes.
- After the test, we organize an evaluation session with the security team to identify what went well and where your organization can improve its security controls, such as security monitoring and incident response. The results will be documented in a written report and presented to relevant stakeholders for maximum buy-in and awareness.