Assessing Defenses
STORMHAVEN is a privately held and venture backed cybersecurity company with operations in North America and Europe. STORMHAVEN was founded by cybersecurity veterans with unparalleled experience in advanced vulnerability research and active cyber defense.
We've created STORMHAVEN to build a global organization of talented security researchers working together to provide the most up-to-date source of cybersecurity research and capabilities.
With Stormhaven Red Team Assessment, our security experts use our experience from the front lines of cyber attacks to simulate the tools, tactics and procedures (TTPs) of real-world attackers that target your environment.
Red Team Assessments focus on your ability to safeguard your most critical assets. Red Teaming for Security Operations adds an additional component: working with your internal security team or security operations center (SOC) to detect red team activity in progress and provide a post-mortem analysis of your detection and response capabilities.
Real Attacks. Real Responses. Real Results.
Red Team Assessments focus on giving your security team practical experience combatting real cyber attacks. While avoiding business damaging tactics, these assessments use conventional and advanced attacker TTPs to target agreed-upon objectives. You define the attack objectives — usually worst-case business scenarios — and the Stormhaven Red Team goes to work. In a Red Team Assessment, the team goes through the full attack lifecycle, from initial reconnaissance to mission completion.
Red Teaming for Security Operations builds on the Red Team Assessment by including a consultant who oversees all incident response (IR) and defense-related activities and acts as a liaison with the red team. The objective is to test and validate your ability to detect malicious activity and evaluate your response to the detected events (including what processes, tools and staffing are used).
If security monitoring is outsourced to a third-party service provider, the Stormhaven consultant works with the provider to understand what alerts are being generated. In their role as incident responder, they collaborate with the personnel responsible for acting on the alerts provided by the third-party service provider.
Our Approach
The Stormhaven Red Team relies on a systematic, repeatable and reproducible methodology. They begin by establishing the following core information and rules of engagement:
Does the Red Team begin its effort with information about your environment (white box) or with no information at all (black box)?
What intelligence does Stormhaven already have about high-risk assets and vulnerabilities in your industry?
What objectives do you want the Red Team to accomplish in simulating a real-world attack?
In a Red Team Assessment, after identifying three to five objectives, the red team attempts to breach your environment, maintain persistence, escalate privileges, obtain access to key systems, generate fake data that emulates sensitive production data and simulate data theft. These assessments focus on non-disruptive, non-damaging tactics to achieve their objectives. Real attackers try their best not to disrupt their target because people ask questions when services go down.
The Red Teaming for Security Operations methodology is identical to Red Team Assessments, except that it embeds an IR expert with your internal security team or SOC. This Stormhaven IR expert is dedicated to working with your security team to enhance their prevention, detection and response capabilities. They also help refine existing processes and procedures to reduce the mean time it takes to detect and respond to incidents.
After the assessment is complete, the Red Team and the Stormhaven IR expert work with your security team to evaluate your security posture in the context of the attack lifecycle (Fig. 1).
Attack Lifecycle
Together we review the effectiveness of your organization’s procedures, applaud the areas where your security team identified red team activity, identify the gaps in detection and determine the areas where your security program can be enhanced. We believe the Red Teaming for Security Operations service is the best way to assess the effectiveness of your security controls and ability to prevent, detect and respond to malicious activity where it matters most.
IF YOU ARE NOT DOING THIS HOW DO YOU KNOW IF YOU CAN DETECT THESE KINDS OF ATTACKS