Cyber Security testing is a really important tool in your overall security strategy to help identify weaknesses in your security posture and track progress towards mitigating these weaknesses. Customers typically want their cyber testing to address the following:
There are 4 significant challenges with the current use of cybersecurity testing solutions:
- They tend to be used infrequently, offering a point-in-time view, often due to the cost, disruption, and risks of running the test.
- A lot of organizations take a one-dimensional approach to testing using the same single testing solution such as vulnerability assessment or penetration testing each time.
- Organisations tend to test the same scope each time, e.g. my network perimeter.
- Manual testing provides the flexibility and value from the skill offered by an experienced penetration tester but is hard to scale and deliver continuously. Automated testing provides scale, efficiency, and the opportunity for continuous testing but is typically more regimented and doesn’t think laterally the way a human adversary might.
In a landscape where the threats and exploits arise and evolve weekly, organisations need to test more comprehensively and more frequently to get the best value in terms of identifying weaknesses in a timely fashion, baselining in a quantifiable way their security effectiveness and mitigation progress.
Ward Solutions Breach Attack Simulation (BAS) is an innovative addition to our comprehensive suite of cyber testing. Ward Breach Attack Simulation Service offers customers a solution to the challenges of traditional cyber testing. We offer our Breach Attack Simulation Service flexibly to our customers as an engagement or as a continuous service.
What is Breach Attack Simulation?
Breach Attack Simulation is the latest Cyber Security Testing technology that allows enterprises to simulate complex cyber attacks on demand and to scale using industry frameworks such as the MITRE attack framework. Our BAS services allow our testing consultants to use their expertise and augment this expertise with the latest uses of breach attack simulation technology from our partner PICUS to test, measure, interpret and recommend mitigations of your protection and detection security infrastructure. It allows the possible testing of over 10,000 readily available threats.
How does Wards Breach Attack Simulation Service work?
Our experienced cyber testing consultants work with you to determine how you want to test and exercise, offering one of the following models:
- Red Team Testing using BAS
- An initial assessment using BAS
- Continuous Testing using BAS
We then assess the vectors you want to test such as email, firewalls, gateways, endpoints, SIEM, etc. We then deploy agents from PICUS on your infrastructure to test the vectors you want to be tested – firewalls, gateways, email, endpoint, SIEM, etc.
We conduct the tests, produce and review the report and work with you to transfer the knowledge to your teams and vendors as to what we have found and what we recommend to mitigate.
If we are providing continuous testing we then retest at the agreed frequency producing updated findings and noting trends.
What are the Benefits of Wards Breach Attack Simulation service to you?
The Ward BAS service offers customers a meaningful baseline of the effectiveness of your security infrastructure, measuring how many attacks got through your Prevent/Protect infrastructure or were picked up by your Detect infrastructure and how many were blocked. By using the PICUS toolset we offer customers not only the significantly increased scale of testing but also the possibility of continuous or more frequent testing and baselining.
Where does Ward Solutions Breach Attack Simulation Service fit with my other cyber testing?
Ward Solutions Breach Attack Simulation is part of your overall cyber test strategy. It provides a rapid, highly automated test coverage of security Prevent/Protect and Detect infrastructure offering a numerical measure of security efficiency.
Breach Attack Simulation should be part of an appropriate mix of cyber testing to gain more complete coverage of your total risk and vulnerability status.
- You should conduct continuous vulnerability assessment/testing and run vulnerability management to mitigate risks from known and prioritized vulnerabilities to your software and infrastructure
- You should conduct regular physical penetration testing or social engineering to cover the cyber-physical risks and vulnerabilities.
- You should conduct manual penetration testing to test for the risks, vulnerabilities, and exploits that the human adversary, the lateral thinker in conjunction with their use TTP’s – can uncover. Manual penetration testing should cover both infrastructure and applications penetration testing in the cloud and on-premises.
- You should use Red Team advance penetration testing to exercise your teams collaboratively with our team of adversaries, which may include the use of Wards Breach Attack Simulation Service to cover their security operations and organisational incident response processes.
- You should conduct regular security audits to verify compliance with security processes and procedures.
- You should conduct regular risk assessments to ensure your risk register is up to date and relevant. Your risk register will help prioritize what and how you test and how often.
Ward Solutions partnering with PICUS
At Ward, we believe in employing the best people and using the best technologies to help deliver on our mission of securing our customer’s systems, people, and data. When we want to develop a new cyber testing service to address the challenges that our customers we having we researched the best technology provider for the service we envisaged.
One vendor’s technology stood out from our market research and our technology due to diligence – PICUS Security. We trialled the technology in our solutions development and the results were outstanding.
We signed partnership agreement with PICUS as Ireland’s only PICUS partner, allowing us to use in our consulting engagements, in our managed services, and in our resale to customer the PICUS technology.
To discuss how Ward Solutions Breach Attack Simulation service can measure and help improve your security efficiency:
- Contact our sales team: Information Security – Ward Solutions or call 01 6420100
- To get more information visit our website at Cybersecurity Testing – Ward Solutions
- To view a video on Wards Breach Attack Simulation service visit www.ward.ie/
- To view our partner’s technology go to www.picussecurity.com.
