Threat Simulation

A full scale threat simulation identifies potential areas of weakness within an organization and attempts to exploit them to measure how the team responds.

A threat simulation is one of the most effective ways to prepare for a potential incident. By first performing a threat assessment, our team is able to identify potential areas of weakness within your organization. Using that intel, they are then able to simulate an attacker on an organization's network to measure the effectiveness of the first responders to a potential threat.


This process accomplishes three primary goals for compliance and  intelligence. First, testing and auditing the environment through penetration tests allows a company to understand their own defensive preparations. Reviewing the response plan allows the further refining of the plan in preparation of an actual incident. The refinement of the plan is even more guided by the intelligence gained from real-life assessments involving actual systems, data, and responses.


SecureState consultants are highly skilled at conducting threat simulations. We frequently conduct these assessments for clients and have a very high success rate of eliciting sensitive or confidential information. We  frequently speak publically regarding these practices; as well as teach employees how to help prevent themselves from being a victim.

Approach and Methodology

SecureState first performs a threat assessment to identify and investigate any evidence of an active or preexisting compromise or misuse, and determine what capabilities the compromise had. This type of analysis consists of inspecting and auditing systems, devices and logs for such things as services, connections, access or permission failures, timestamps, file access or modifications, communications, accounts, and processes that are running or installed. After identifying a successful compromise or malicious software, the Threat Assessment focus would be directed at collecting and identifying the initial intent of the compromise and any private or sensitive data that was captured or modified.

SecureState uses intelligence gathered during the threat assessment to craft a simulated attack to  assess how well your organization's IR Team or technical IT staff respond to an attack against the company’s network, infrastructure, and sensitive data. This test goes beyond traditional table-top exercises by evaluating real-time responses to live attacks against your organization's systems. SecureState will begin with a review of any applicable documentation, from ad-hoc incident handling procedures to defined IR plans. Whether the assessment is held on-site at your company’s location or remotely, SecureState will interview your IR and security personnel to determine what security controls are currently in place. Then, when the simulated attack begins, SecureState will continue to interface with IR personnel, review alerts and logs that are generated, and observe your company’s response procedures. This multi-phased approach allows SecureState to validate that IR documentation and technical controls (i.e. alerting) are implemented properly and functioning as expected.

Get Started!