In recent years, team Equilibrium have observed a growing demand for more realistic penetration tests, based on an assumed breach model and using real-world attack scenarios.
It has become apparent that our clients want to know more than simply whether their network perimeter is secured.
- How about if it isn’t?
- What would happen if a hacker could bypass security and enter your internal network?
This is where assumed breach and scenario testing step in. Don’t worry, they’re not just more security buzzwords!
You may not be familiar with the techie jargon, but hold tight. Let’s give you the rundown.
What is an assumed breach penetration test and scenario-based penetration testing?
A scenario-based penetration testing approach mimics the actions and motives of real-life hackers. It is a more threat-centric approach to security testing.
Whilst a traditional pen test is designed to uncover security flaws, scenario-based testing assesses the effectiveness of your technical controls against certain adversarial behaviours and attack vectors.
Your penetration testing partner will begin by understanding your biggest security risks. They can then plan a simulated attack, tailored to your business and the realistic threats you face.
Sample test cases:
- A breach could start with a convincing socially engineered phishing attack, using publicly available information about your employees online.
- An unsuspecting employee clicks on a ‘malicious’ link in an email and shares their credentials.
- From here, could an ethical hacker leverage further network access via a domain-joined computer? How about a privileged account with administrative controls?
- Once access is gained, is it possible to bypass 2FA and get into systems which hold sensitive data or host business critical services?
Using pen test scenarios provides broader visibility of threats across your environment. By simulating attacks from an external, internal, and rogue user perspective, you can see how your controls would stand up against a coordinated attack. This threat-centric approach gives a more realistic picture of what would happen if you were to experience a breach.
Assumed breach testing begins from a ‘compromised system’
This security assessment approach differs from standard pen testing, as it begins by assuming your systems have already been breached. From there, qualified testers determine whether the attack could spread laterally throughout your network.
An assumed breach test model helps to answer your burning security questions.
Such as:
- Could a hacker gain access to other privileged systems and sensitive data?
- If so, how far could they go?
- What impact could this have on business operations?
An assumed breach pen test provides this perspective. It allows you to understand the true impact of a successful breach, and the damage it could cause.
Let’s compare your network to a priceless diamond which is locked in a vault, behind a series of gates and doors. Whilst the first door is regularly assessed for security, without warning the lock malfunctions.
A jewellery thief can’t believe his luck. Noticing the flaw in the security system, he opens the unlocked door and strolls right in. The diamond is protected by several other security barriers, but to his surprise they are all either unlocked or flawed. He has his eyes on the prize within minutes.
Unfortunately, because the main door was the focus of security and testing, it became a single point of failure which led to a devastating breach.
As hackers continue to evolve their techniques, we believe adopting an ‘assumed breach’ mentality could help firms gain deeper insight into overall security, and build a cyber defence in depth model.
Why is it time for a fresh approach to penetration testing?
Often, the scope of traditional penetration tests is too narrow, as they may test just one aspect of your IT ecosystem. An attacker’s motivation is always to accomplish something, whether that’s stealing credit card details, encrypting data, or leaking sensitive emails.
For an attacker, getting access to your network is just one step in that process. To gain more insights into your overall security, ethical hackers should embody the same objective as real attackers would.
The test will reveal whether your network can be breached, and how easily an attacker could move around once they’re in.
Don’t get me wrong, there is still real value in standard penetration testing. It can help you identify vulnerabilities in your systems and learn how to fix them. However, focussing solely on testing your network perimeter will lead to blind spots in the findings of the assessment.
A test with such a narrow scope ignores the other security weaknesses which could allow an attacker to achieve what they set out to. All without your network perimeter even being breached.
Security needs layers: Build a cyber defence in depth strategy
Our scenario-based testing follows a more holistic approach to determining cyber-resilience. When testing the effectiveness of your security measures, we won’t focus on just one element of your network.
We help determine whether your security could stand its ground against a real-life hacking attempt. By knowing the big picture, you have the insight to build a security strategy you have confidence in.
Utilising our advanced knowledge of offensive security and risk-centric threat modelling, we can help you gain deeper insight into the risks you face and how you would handle a sophisticated attack. We can then develop a defence in depth strategy to defend against them.
Our team are on hand to shine a light on all those deep, dark corners of your IT ecosystem. Find out more about our expert penetration testing services below, or call us on 0121 663 0055.