
INCIDENT RESPONSE

Endpoint Attack and Penetration

Essentials

An Endpoint Attack and Penetration tests the effectiveness of an organization’s endpoint security. The assessment simulates an unauthorized actor, whether a casual hacker, a focused group of attackers, a careless user, or a mass-propagating worm or virus, attempting to circumvent the current host-security solution, and measures how effectively that solution alerts, responds, and protects the system, its data, and its resources.

SecureState will:

  • Test the endpoint solution as well as its current configuration and the surrounding system controls
  • Offer assistance if a different solution is needed
  • Offer help if configuration changes are needed as part of the overall hardening of the system and/or software solution

An endpoint security solution should:

  • Inspect and identify application modifications and tunneled traffic
  • Discover packed and encoded data
  • Alert on rogue process creation, memory access, file creation, and suspicious calls and hooks
  • Monitor the behavior of applications, connections, users, and permissions

Benefits

Within most organizations, endpoint security, including host anti-virus, is considered the “first responder” for detecting a mass outbreak or breach. Testing the effectiveness of these solutions is therefore essential to any organization’s security and response programs. In most cases, SecureState can bypass host-security solutions and deploy malicious software that goes unnoticed. Could that happen in your organization? The only way to know how strong your endpoint security really is, is to perform an Endpoint Attack and Penetration.

Expertise

SecureState’s Readiness and Response Team is comprised of industry experts with experience in Military Intelligence, Law Enforcement, and Big X Consulting. Members of our Team have been involved in the acquisition and forensic analysis of data in high profile events including the Space Shuttle Columbia Disaster. They have coordinated Incident Response teams that included FEMA, AFCERT, and DHS against inclement weather, terrorist activities, and world-wide threat events. Several members of the Team have high-level government security clearances and are trusted with the nation’s most classified secrets. With unimpeachable integrity and unsurpassed technical skills, SecureState’s Readiness and Response Team is ready to assist with businesses’ most complex information security readiness and response.

Did You Know?

  • Perimeter firewalls and host anti-virus solutions, on their own, do not provide adequate protection against, restriction of, or identification of threats
  • SecureState has a 100% success rate bypassing network and system countermeasures with customized malware
  • SecureState has measured only a 57% detection and prevention rate against existing threats in the wild
  • Organizations should evaluate perimeter and endpoint protections and countermeasures annually
  • Identification and validation of threats should be tested as part of the organization’s response and continuity plans

Our Approach and Methodology

If there were a definitive way to detect a massive outbreak or breach at your organization, you would certainly pursue it. Within most organizations that role falls to endpoint security, which is considered the “first responder” in the fight against breaches and outbreaks; the question is whether it actually performs that role.

First, SecureState engineers will test the current effectiveness of the endpoint solution and identify potential flaws within the current security program. Second, several different “payloads” and attack methodologies will be created to test the effectiveness of the current solution. This will start with the most rudimentary obfuscation techniques and gradually move deeper into more advanced evasion, insertion, and networking attacks. These simulations will provide the organization with an in-depth knowledge of what level of skill an attacker would need to defeat the host protections.

Additionally, SecureState will perform isolated penetration tests alongside the overall endpoint assessment to identify to what extent the solution notifies the organization of malicious software being placed on a system during an actual attack. This gives the organization a true representation of the effectiveness of any given solution, and of its response notifications and capabilities.

Hardening techniques are general security controls applied to a specific system that enhance its overall state of security and give the organization a level of assurance against focused attacks and threats. Normal system hardening, or configuration hardening of the operating system or the endpoint solution itself, may prevent many of the performed attacks. The tests are therefore conducted both with and without such hardening in place, so the organization can fully evaluate the available options.

SecureState will test the endpoint solution and its current configuration, and will offer assistance if a different solution is needed or if configuration changes are necessary as part of the overall hardening of the system and/or software solution. More specifically, an Endpoint Attack and Penetration consists of the following:

  • Active Attacks: Active attacks attempt to bypass and penetrate defenses through direct access to the host. SecureState directly targets services and system functionality to test the endpoint’s ability to detect privilege escalation techniques.
  • Passive Attacks: Passive attacks target the endpoint’s protection and the logic behind it, including how the detection engine identifies and contains threats that a user has unknowingly obtained.
  • Evasion: Evasion techniques make up the core of the endpoint attack stages. SecureState uses many common and advanced techniques employed by malicious software, such as system-call hooking, memory injection and redirection, section encoding, import obfuscation, and covert tunneling, in an attempt to bypass detection or otherwise run undetected.
  • Insertion: This tests the ability of the detection engine to alert on malware that uses obfuscation or is piggybacked onto legitimate programs.
  • Brute-Force: Signatures can be brute-forced. By repeatedly scanning trimmed or modified copies of a flagged sample and narrowing down which sections trigger detection, the exact bytes or instructions the endpoint product keys on can be isolated.
  • Isolated Penetration Tests: SecureState performs isolated penetration tests in addition to the overall endpoint review. The purpose of these tests is to identify to what extent the solution notifies the organization of malicious software being placed on a system during an actual attack.
  • System and Configuration Hardening: Hardening techniques are general security controls applied to a specific system that enhance its overall state of security.
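The signature brute-forcing step above is, at its simplest, a bisection over the sample with the scanner as an oracle. The following is an added illustration written for this page, not SecureState’s own tooling: it assumes the product flags any buffer containing one contiguous byte pattern, and it replaces the real scanner with a simulated engine (`simulated_engine`) and a constructed sample (`SAMPLE`, `SIGNATURE`) so it runs offline. The names and byte values are made up for the example.

```python
"""Locate the bytes a signature-based engine keys on by bisecting a sample.

Added example. The "engine" here is a stand-in that flags any buffer containing
SIGNATURE; in a real engagement `detect` would write the buffer to disk and ask
the endpoint product to scan it, then read back the verdict.
"""
from typing import Callable, Optional, Tuple

# Constructed test data (not real malware, not any vendor's signature).
FILLER = bytes(range(256)) * 4                       # 1024 bytes never flagged
SIGNATURE = b"\x90\x90\xe8\x00\x00\x00\x00\x5b"      # hypothetical flagged pattern
SAMPLE = FILLER + SIGNATURE + FILLER                 # signature sits at 1024..1032


def simulated_engine(data: bytes) -> bool:
    """Stand-in for the endpoint scanner: True means 'detected'."""
    return SIGNATURE in data


def find_signature_span(sample: bytes,
                        detect: Callable[[bytes], bool]) -> Optional[Tuple[int, int]]:
    """Return (start, end) of the smallest sample[start:end] the engine still flags.

    Assumes detection is monotonic: if a buffer is flagged, any buffer containing
    it is flagged too (true for a single contiguous byte signature, not for
    heuristics or multi-part rules). Returns None if the whole sample is clean.
    """
    if not detect(sample):
        return None

    # Phase 1: shortest prefix that is still flagged.
    # Invariant: detect(sample[:hi]) is True, detect(sample[:lo]) is False.
    lo, hi = 0, len(sample)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if detect(sample[:mid]):
            hi = mid
        else:
            lo = mid
    end = hi

    # Phase 2: latest start such that sample[start:end] is still flagged.
    # Invariant: detect(sample[lo:end]) is True, detect(sample[hi:end]) is False
    # (sample[end:end] is empty and therefore clean).
    lo, hi = 0, end
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if detect(sample[mid:end]):
            lo = mid
        else:
            hi = mid
    return lo, end


def locate_flagged_bytes(sample: bytes,
                         detect: Callable[[bytes], bool]) -> Optional[bytes]:
    """Convenience wrapper returning the isolated bytes themselves."""
    span = find_signature_span(sample, detect)
    return None if span is None else sample[span[0]:span[1]]


if __name__ == "__main__":
    span = find_signature_span(SAMPLE, simulated_engine)
    print("flagged span:", span)
    print("flagged bytes:", locate_flagged_bytes(SAMPLE, simulated_engine).hex())
```

Each phase needs only about log2(len(sample)) scans, so even a multi-megabyte binary is isolated in a few dozen scanner invocations. Two caveats apply against a real product: truncating a PE can itself change the verdict (a file that no longer parses may be ignored or flagged for a different reason), so the isolated bytes should be confirmed by patching only that span in an otherwise intact copy; and behavioral or multi-part rules are not monotonic in this sense, so a clean result from bisection does not mean the product has no signature for the sample.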

What Makes Us Different

• SecureState implements a thorough Attack and Penetration methodology model that simulates targeted attacks against an organization. This model includes the following:

  • Active and passive attacks
  • Insertion and evasion attacks
  • Signature and detection brute-forcing attacks
  • A detailed hardening and configuration review of the systems and networks affected

• SecureState takes a unique approach by using custom-written malicious software at a range of attacker “experience” levels, to determine whether an unsophisticated attacker or a more capable one would be required to bypass the security solution.
