It is the process of "simulating a real attack", executed by a cybersecurity professional directly on the production infrastructure; however, it is carried out in a controlled manner that avoids disruptions to business operations.
The professionals belong to the so-called Red Team; they have the same knowledge and skills as cybercriminals and are able to emulate attacker behaviors and techniques.
Multiple ways of attacking different targets are explored by applying different techniques and methodologies, to identify and demonstrate ways to exploit security vulnerabilities.
Identify and classify vulnerabilities in different network devices, servers, systems, and applications.
Identify weaknesses at the technological infrastructure configuration level and prevent resource exposure. It is a proactive defensive strategy against possible attacks, using recommended configurations that seek to strengthen system configurations by closing security "gaps" and establishing a baseline of secure configurations.
Improve risk awareness
Define more robust security processes
Improve security strategy
Strengthen security measures
Anticipate possible security failures
Limit attacker capabilities
How a project of this type is executed depends on the size of the infrastructure to be evaluated or the objectives that are part of the scope; it is generally divided into 2 phases:
If only technical activities are carried out, these services can be performed remotely or in person; however, they could include on-site activities when the work needs to be complemented with tasks such as:
Additionally, these services can be performed on a permanent basis, with iterative activities carried out throughout the year.
Executive report
Technical report
Results presentation
Re-test (additional cost)