Active Defense
Attackers are familiar with traditional defenses and countermeasures. For an organization to gain an advantage, it must introduce an unfamiliar or stealth capability that annoys the attacker and forces them to make more moves to attack the network. This will increase the likelihood that they will make mistakes and be detected, as well as provide the means to determine attribution – who they are and where they are located.
But what if the attackers are successful in stealing intellectual property? Because compromise is inevitable against the best defenses, it is necessary to build in custom countermeasures, such as embedding a beacon on exfiltrated data to identify the sources of attack, modifying files so that they are rendered unusable when executed, or embedding code on the stolen data that corrupts the perpetrators’ systems.
Penetration Testing
In a targeted attack, the attackers certainly know what they are looking for and have devised tactics to compromise the environment as well as conduct the search. What is most important to an organization is detecting and preventing the attack while deterring theft of its crown jewels. With those goals in mind, it doesn’t make sense to conduct a penetration test with less knowledge than would-be attackers, but it does make sense to conduct the test with full knowledge to test the actual security posture of the organization in protecting its most valuable assets.
We scope our penetration testing engagements from the “inside-out”, starting with the crown jewels you want to protect, where they are located and how they are protected. From this perspective, we then try to steal them. This provides the only real results that count – how effective are the security controls in detecting and preventing the theft of the crown jewels?
Security Assessment and Engineering
Firewalls are still an important component of information security; however, long gone are the days when a single firewall protected a company network from the outside world. It takes several comprehensive security technologies acting in concert to provide an adequate degree of protection. In modern networks, it is important to utilize both logical and physical partitioning using firewalls and application-aware technologies. Innovative controls, such as blackhole servers to capture beaconing malware, application whitelisting technologies and browsers that are impervious to drive-by exploitation, need to be implemented.
Our security assessments take into consideration defense-in-depth and the actual attacks experienced by a broad range of industries in order to provide an effective engineering solution that encompasses proven techniques.