OSINT? Check. Smishing? You got it. Spoofed domains w/ TLS certs? Like a boss. Human hacking via Impersonation? Hold our beer. If you’re looking to extend beyond robo phishing emails and non-imaginative red team engagements, come talk to us. We custom a menu of red teaming engagements based upon a realistic threat model for your industry, industry sub-segment, and business model. More importantly, we strategically align red teaming goals to both security awareness objectives as well as corporate security governance controls to provide the integrated approach that defines us.
Inquire how VerSprite’s Red Teaming exercises can align to both corporate governance reinforcement opportunities as well as measuring the real security awareness of company officials.
Organizational Threat Model
Organizational Threat Models – a service that simulates real world attacks based upon evidence supported threat motives – was created after VerSprite received client requests on how the PASTA application threat modeling approach could help simulate multi-faceted, threat based attacks against target organizations.
Each organizational threat model begins with an examination of threat motives. We examine high impact targets for a target organization and correlate to scenarios such as extortion, IP theft, sabotage, data exfiltration, persistence for malware propagation, and much more. A custom threat library per client is mapped to identified business impact scenarios for a target organization. Once a model has been established, our team launches attack patterns that support threat objectives from modern day syndicates, corporate mercenaries, opportunistic hackers, insiders, and more. Ensuing attack simulations center around one or several threat scenarios, each focused on realizing high impact situations. As a risk centric approach, organizational threat models can help depict where a security program for an organization is weakest. For this reason, organizational threat models help to define a very effective roadmap for a security program as it illustrates consequences if identified gaps are not remediated. Deliverables and results from these engagements message better to senior management officials since the context of threats, threat viability, and effectiveness of security mitigators are well reflected by the organizational threat model.