Red Teaming and Attack Simulation
Outflank’s core service is red teaming and attack simulation. We apply realistic attacker techniques to your environment to prepare your organization for real incidents.
Outflank’s approach to red teaming is unique in the market. We don’t think of red teaming as a single-sided challenge to prove that we can break into your organization without your defensive team noticing. We believe that red teaming should be a collaborative engagement that gives you an informed picture of how well your organization is able to defend against attacks and provides guidance for how your IT security can be improved.
Our unique approach does not simply trigger your organization’s preventive security controls. To ensure that we are providing a true training exercise for your blue team, we also activate detective and responsive controls. If we hit a blind spot in your defenses, we purposely set off alarm mechanisms that prompt your security team into action in order to provide the field experience they need.
To maximize learning, we take the time at the end of the engagement to go over our attack process in detail. This includes aligning our offensive attack timeline to your security team’s defensive timeline, discussing mismatches, and providing advice with actionable steps on how to make improvements.
Ultimately, Outflank’s unique approach is twofold. We want to give you an informed status report on the strengths and weaknesses of your defenses as well as a training experience that leaves your security much better prepared and trained for a real incident.
TIBER Testing Expertise
We have been heavily involved in the development and improvement of the Threat Intelligence-based Ethical Red Teaming (TIBER) framework from its inception. We have contributed to the framework by developing testing guidelines and sharing our expert opinion during various meetings with central banks throughout Europe.
Outflank performs TIBER engagements in various corners of the financial sector (banking, insurance, pension services and payment providers), and does so on a regular basis.
Having delivered more than a dozen TIBER tests, we are one of the most experienced providers for this red teaming framework.
The Outflank Approach
- Before we begin, we’ll discuss your goal for the engagement. Using your feedback and the latest threat intelligence, we’ll identify relevant threat actors for your organization and determine the crown jewels that they may be interested in. These form the basis for our test objectives: the so-called red flags (e.g. customer information, R&D data or payment systems).
- Next, we’ll craft attack scenarios using the kill chain model. For safety purposes, two trusted insiders within your organization will be chosen to be continuously aware of our actions.
- We’ll then begin to execute our test scenarios using our internal toolset, Outflank Security Tooling (OST), to perform realistic attacker techniques such as malware and phishing. We’ll attempt to gain access to the previously defined objectives and may also trigger detection rules on purpose in order to train the security team.
- After the test, we’ll organize an evaluation session with the security team to identify what went well and where your organization can improve its security controls, such as security monitoring and incident response. The results will be documented in a written report and presented to relevant stakeholders for maximum buy-in and awareness.