DataShepherd Security
1 like114 views
This document describes red team and blue team security services offered by Optimal Risk to test organizations' security preparedness and response. Red team services involve simulated physical and cyber attacks to identify vulnerabilities, while blue team services provide security reinforcement, risk analysis, and incident response support. The goal is to help organizations build resilience against sophisticated threats through strategic recommendations and an ongoing security assessment program.
![Red Team Security Services
TestingYourPreparedness–ExercisingYourResponse
PHYSICAL SECURITY
RED TEAM
BLUE TEAM
CYBER SECURITY
CONVERGED SECURITY RISK SERVICES
Consultancy & Planning
Surveys & Audits
Intruder Testing
Threat Modeling & Forensics
Advanced Cyber Defence
Risk Analysis
Reinforcing Your Security
Building Your Resilience
Testing Your Preparedness
Exercising Your Response
Converged Security Risk Services
Testing Your Preparedness
Red team exercises are a sophisticated approach to test security protocols &
awareness; and ultimately to address security requirements and evaluate the
risk involved in their viability, modelling potential threats on all potential
layers of potential attack.
Optimal Risk can deliver an advanced capability to mimic real world attack
scenarios, sans the actual risk of being targets of such attacks. A converged
approach simulates:
Physical attacks on company facilities or employees which may be used as a
conduit to obtain further access into networks, or manipulated into
disclosing sensitive data; and testing the security awareness of employees,
who might discloses personal information to fictitious forms, respond to
fraudulent e-mails or download malicious files.
Cyber-attacks on internet-facing assets such as external networks, and
vulnerable web applications which may be exploited by an attacker to
disclose its entire backend database to a web server; And cyber-attacks on
intranet-facing assets, such as internal and wireless networks to reveal high
severity vulnerabilities within working applications, and code review to flag
bad practices within environments particularly that constitute exploitable
vulnerabilities
Exercising Your Response
Red teaming is not just about security. It is about resilience, and how your
organisation responds to realistic simulated incidents & emergencies; how it
enacts & adapts business continuity plans, how appropriate your contingency
plans are, and under which conditions they are more likely to fail.
Red teaming will invariably identify multiple points of failure whether
technical, or human, or procedural. It will check your situational awareness;
your ability to anticipate the development of multi-stage crises; and give a
broad base for evaluation of the organisation’s effectiveness in response,
incorporating monitoring, mentoring and debriefs.
Red Team Services Incorporate:
Gathering open source intelligence on key employees
and leveraging this knowledge to subvert employees
Compromise of employees which may be coerced to
obtain further access into networks, or manipulated into
disclosing sensitive data
Ethical Spear Phishing
Physically infiltrate facilities and gain access to internal
devices & networks
Deliver custom malware on physical devices to
employees
Provide an assessment of overall physical security
countermeasures, from guard behaviour and adherence
to protocol, to enumerating security cameras and
assessing their coverage
Identify response process, speed, and effectiveness to a
breach incident.
APT simulation and Custom Malware Insertion
Penetration Testing of:
• Infrastructure including VPN
• Wi-Fi networks including the executives’ homes
• Applications including Mobile [and code review]
• Mobile Phones
All intended to provide
Short-term tactical fixes for immediate remediation of any outstanding
vulnerabilities within the tested environments.
Long-term strategic measures that will proactively thwart any potential
repetition of vulnerabilities discovered during testing.
A robust set of conclusions and industry best practice recommendations
based on real-world scenarios and tangible evidence of performance.
Prompt engagement in program of remediation efforts and continued
security assessment to ensure a consistent and ongoing security risk
monitoring and security posture reinforcement. See BLUE TEAM SERVICES
Proactive Security in a Reactive World](https://image.slidesharecdn.com/29658c6a-25ce-40ca-b8d6-42590ae0c1a0-150914124241-lva1-app6891/85/DataShepherd-Security-1-320.jpg)
DataShepherd Security
- 1. Red Team Security Services TestingYourPreparedness–ExercisingYourResponse PHYSICAL SECURITY RED TEAM BLUE TEAM CYBER SECURITY CONVERGED SECURITY RISK SERVICES Consultancy & Planning Surveys & Audits Intruder Testing Threat Modeling & Forensics Advanced Cyber Defence Risk Analysis Reinforcing Your Security Building Your Resilience Testing Your Preparedness Exercising Your Response Converged Security Risk Services Testing Your Preparedness Red team exercises are a sophisticated approach to test security protocols & awareness; and ultimately to address security requirements and evaluate the risk involved in their viability, modelling potential threats on all potential layers of potential attack. Optimal Risk can deliver an advanced capability to mimic real world attack scenarios, sans the actual risk of being targets of such attacks. A converged approach simulates: Physical attacks on company facilities or employees which may be used as a conduit to obtain further access into networks, or manipulated into disclosing sensitive data; and testing the security awareness of employees, who might discloses personal information to fictitious forms, respond to fraudulent e-mails or download malicious files. Cyber-attacks on internet-facing assets such as external networks, and vulnerable web applications which may be exploited by an attacker to disclose its entire backend database to a web server; And cyber-attacks on intranet-facing assets, such as internal and wireless networks to reveal high severity vulnerabilities within working applications, and code review to flag bad practices within environments particularly that constitute exploitable vulnerabilities Exercising Your Response Red teaming is not just about security. It is about resilience, and how your organisation responds to realistic simulated incidents & emergencies; how it enacts & adapts business continuity plans, how appropriate your contingency plans are, and under which conditions they are more likely to fail. Red teaming will invariably identify multiple points of failure whether technical, or human, or procedural. It will check your situational awareness; your ability to anticipate the development of multi-stage crises; and give a broad base for evaluation of the organisation’s effectiveness in response, incorporating monitoring, mentoring and debriefs. Red Team Services Incorporate: Gathering open source intelligence on key employees and leveraging this knowledge to subvert employees Compromise of employees which may be coerced to obtain further access into networks, or manipulated into disclosing sensitive data Ethical Spear Phishing Physically infiltrate facilities and gain access to internal devices & networks Deliver custom malware on physical devices to employees Provide an assessment of overall physical security countermeasures, from guard behaviour and adherence to protocol, to enumerating security cameras and assessing their coverage Identify response process, speed, and effectiveness to a breach incident. APT simulation and Custom Malware Insertion Penetration Testing of: • Infrastructure including VPN • Wi-Fi networks including the executives’ homes • Applications including Mobile [and code review] • Mobile Phones All intended to provide Short-term tactical fixes for immediate remediation of any outstanding vulnerabilities within the tested environments. Long-term strategic measures that will proactively thwart any potential repetition of vulnerabilities discovered during testing. A robust set of conclusions and industry best practice recommendations based on real-world scenarios and tangible evidence of performance. Prompt engagement in program of remediation efforts and continued security assessment to ensure a consistent and ongoing security risk monitoring and security posture reinforcement. See BLUE TEAM SERVICES Proactive Security in a Reactive World
- 2. Building Your Resilience The cyber threat to industry continues to rise in line with the increasing dependence & interconnectivity of systems. As company operations have become totally reliant on ICT technologies, the nature & complexity of threats has evolved aggressively, and all sectors are increasingly vulnerable. The heightened level of cyber threat should drive your focus on the types of vulnerability inherent to both IT and operating systems, as well as a regular converged risk assessments, specifically to build greater resilience. Increasing emphasis should be placed on mitigating higher probability risks, the ability to react rapidly, enact contingency plans effectively, and has amplified the importance of business continuity planning. This goes some way towards building a base level of preparedness & resilience within organisations. Optimal Risk’s Blue Team services can raise your security & resilience in the face of increasingly sophisticated threats. Advanced and persistent cyber attacks can perpetrate damage that was not previously considered in the realm of information assurance or network security, hence current resilience concepts do not sufficiently address the potentially high impact of advanced or converged threats to information or intangible assets from cyber criminals. Blue Team Services Incorporate: Security Strategy, Planning & Consulting Security Audits & Surveys Response & Protection Services IT Forensics and Cyber Incident Response Foreign Travel Threat Awareness Training Security Risk and Counter-espionage Awareness Risk Intelligence & Analyses Threat Modelling Risk Scenario-Building Workshops Quantitative Risk Analysis see our FAIR methodology Digital Footprint and Social Media Sweeping Reverse Engineering Applications and Infrastructure Design Review Secure Development Lifecycle DDoS Mitigation Advanced Cyber Defence Reputational Risk Crisis Management Blue Team Security Services ReinforcingYourSecurity–BuildingYourResilience PHYSICAL SECURITY RED TEAM BLUE TEAM CYBER SECURITY CONVERGED SECURITY RISK SERVICES Consultancy & Planning Surveys & Audits Intruder Testing Threat Modeling & Forensics Advanced Cyber Defence Risk Analysis Reinforcing Your Security Building Your Resilience Testing Your Preparedness Exercising Your Response Reinforcing your Security Blue teams provide reinforcement where & when you need it most, and help you plan for those circumstances. Our Blue team services provide the range of support you require to anticipate & mitigate converged threats, and the range of security risks to your organisation from determined adversaries, criminals, or terrorism. Designed to maintain & supplement the effectiveness of your physical and IT security capabilities, develop preparedness for a broad range of scenarios, and provide appropriate response & recovery capacity, Optimal Risk provides a truly unique range of cyber & physical consulting & services. All intended to provide Ensure effective policy & processes appropriate to task, and best practices in adoption of security measures & application of controls. Greater security awareness, and risk management built upon a structured scenario and risk register process. Advanced and on-demand capabilities, that minimize impact of security incidents, and enable rapid return to fully effective operating services. Integrated security, business continuity, and crisis response planning for converged risks, based on our unique understanding of the current and future threats your organisation faces. Proactive Security in a Reactive World Converged Security Risk Services