Advanced Adversary Simulation by DeepSeas RED
July 1, 2023
Why is it important to use an advanced adversary simulation from DeepSeas RED?
Advanced adversary simulation by DeepSeas RED is a next-level, remote engagement designed to examine your organization’s security tool suite installation, monitoring, and maintenance. The simulation tests your organization’s preparedness to combat and detect real-world attacks on your networks and applications that are focused on obtaining and maintaining your most critical information and technology. An advanced adversary simulation will exercise your organization’s procedures and technical protections just as a real-world attack would. The advanced adversary simulation provides your leadership with an independent evaluation of perceived protections.
What does the DeepSeas RED advanced adversary simulation include?
Through a series of simulated cyber attacks, our DeepSeas RED crew observes the steps that are taken by threat intelligence teams to pinpoint, isolate, and defuse attacks. These advanced adversary simulation tests are goal-driven, methodical, and calculated attacks. They are designed to take more time than a typical engagement to keep these targeted attack scenarios realistic. Our crew continually evaluates routes and chooses the most likely attack paths of a would-be attacker. To remain undetected, they move slowly and deliberately to complete their objectives and gradually expand their foothold. At the end of the engagement, the advanced adversary simulation team will have spent weeks occupying the mind of an attacker and amassing a slew of data.
What are the methodology and benefits of the DeepSeas RED advanced adversary simulation?
The advanced adversary simulation tests are goal-driven, methodical, and calculated attacks. The DeepSeas RED crew will be tasked with manifesting what the National Institute of Standards calls a Threat Agent without introducing any significant risk to your organization. To accomplish this, a thorough understanding of your organization is crucial. This begins with a knowledge transfer. Representatives from your organization and DeepSeas RED will meet to discuss critical assets, the target industry, the business model, technologies employed, and the goal of the engagement, as well as relevant security incidents and threat events. The DeepSeas RED crew will use this information, combined with data collected during an extensive reconnaissance and intelligence-gathering phase, to build an Advanced Adversary Simulation Operational Plan (AASOP). This AASOP includes aspects like available capabilities and tactics of real Advanced Persistent Threats (APTs) your organization might face.
The first stages of an engagement are always the same, but the next stages depend on the methodology agreed upon by the DeepSeas crew and the client. There are two main types of engagements: assumed breach and black-box.
Assumed breach means shifting the focus to internal detection and response. The strong layers of perimeter security are eschewed as the organization cedes internal access to DeepSeas RED. Practically, this typically means DeepSeas provides the organization with a malware implant, which the organization executes on an internal resource to serve as a foothold.
In a black-box engagement, the DeepSeas RED crew is not ceded any access but is given carte blanche (within reason) to obtain a foothold in the target environment. Physical access is often left out of scope, though wireless attacks and things like malware on a USB drive are permitted. The benefit of the black-box methodology is its realism.
What are the outcomes of an advanced adversary simulation from DeepSeas RED?
Results collected during DeepSeas RED Advanced Adversary Simulations are compiled into actionable reports that can reveal your organization’s susceptibility to such elevated cyber attacks aimed at obtaining your most sensitive information, and their potential impact. The DeepSeas RED comprehensive reports show clearly what steps were taken, how the technologies and a blue team reacted, what was found, and how it was found. The reports provide detailed, proven recommendations to reduce the ongoing risk and are typically supported with evidence in the form of photos and film, or in the case of networks or applications, screen captures. Advanced adversary simulation engagements provide highly valuable information about your defense capabilities and your employees’ security practices. This crucial information is carefully collected to help improve your overall security posture.
If you are considering an advanced adversary simulation, one or more of the following should be true for your organization:
- You have an information security program in place and perform penetration testing every year.
- You must meet regulatory compliance requirements.
- You have protection, monitoring, and detection capabilities in place.
- You conduct routine social engineering exercises, including phishing or vishing.
- You want to expand your security testing capabilities and evaluate the threats of a would-be attacker.