DETERMINE YOUR ORGANIZATION’S READINESS LEVEL AND ABILITY TO DETECT A COMPROMISE.
One of the largest threats your organization could face is the inability to detect various types of attackers as an incident occurs. Don’t allow attackers to have more visibility than you do into your own environment.
The Assumed Breach Assessment gets its title because most industry experts agree that any organization will experience a successful breach in some fashion. To prepare for this reality and develop a full remediation roadmap for addressing visibility gaps, we will simulate post-compromise activities and the types of lateral movement that would occur during a specific threat event.
Given the wide variety of techniques and motives across different types of attackers, we take a unique approach to emulating the tactics, techniques, and procedures (TTPs) employed by various groups of threat actors. We perform several different advanced tests to locate weak points within the security program and technical controls.
In the event of a compromise and lateral movement into the network by an attacker, additional discovery techniques are used to learn the infrastructure and identify high-value targets. During this phase, lateral movement exercises are performed from a pure network perspective, simulating the activities of a compromise. We will simulate an attacker's discovery phase in order to pivot into other systems within the infrastructure. Additionally, we will simulate sensitive data exfiltration to identify gaps in data loss prevention (DLP) products and to review the alerts generated by network traffic pattern spikes related to large bulk data transfers.