SecureState first performs a threat assessment to identify and investigate any evidence of an active or preexisting compromise or misuse, and determine what capabilities the compromise had. This type of analysis consists of inspecting and auditing systems, devices and logs for such things as services, connections, access or permission failures, timestamps, file access or modifications, communications, accounts, and processes that are running or installed. Once a successful compromise or malicious software has been identified, the threat assessment focuses on collecting and identifying the initial intent of the compromise and any private or sensitive data that was captured or modified.
SecureState uses intelligence gathered during the threat assessment to craft a simulated attack to assess how well your organization's IR Team or technical IT staff respond to an attack against the company’s network, infrastructure, and sensitive data. This test goes beyond traditional table-top exercises by evaluating real-time responses to live attacks against your organization's systems. SecureState will begin with a review of any applicable documentation, from ad-hoc incident handling procedures to defined IR plans. Whether the assessment is held on-site at your company’s location or remotely, SecureState will interview your IR and security personnel to determine what security controls are currently in place. Then, when the simulated attack begins, SecureState will continue to interface with IR personnel, review alerts and logs that are generated, and observe your company’s response procedures. This multi-phased approach allows SecureState to validate that IR documentation and technical controls (i.e. alerting) are implemented properly and functioning as expected.