War Games

In our experience, businesses are deploying cybersecurity teams and building SOC (Security Operations Centre) environments to try to keep up with the ever-changing cybersecurity threat landscape.

These environments are traditionally home to what is known as a Blue Team. Their job is to defend the organisation from cyber-attacks and, in turn, protect the organisation, its employees, and its customers. This mammoth task is usually broken down into more defined categories of requirements such as deception, prevention, detection and response.

These teams specialise in technologies such as SIEM (Security Information and Event Management) and UBA (User Behaviour Analysis).

SIEM solutions tend to work on collated logs, with rules defining odd events chained together. Such a chain of events initiates an alert, and the team analyses the alert along with the logs to understand whether they are truly under attack or whether it is simply someone doing their day-to-day work.

These systems can be expected to process millions of logs a second and can cost considerable amounts of money. However, they are only as good as the correlated rules defined within them.

UBA systems are platforms which gather logs but, instead of collating them and relying on defined events or chains of events in the logs, utilise neural networks to learn what log data is "normal" behaviour for each specific user account on your network.

The antithesis of the Blue Team is the offensive Red Team, who are tasked with identifying security concerns in organisations by means of real-life adversarial techniques, looking for any means to compromise systems, networks and people.

Laneden's War Games look to bring these teams together in what's known as Purple Teaming. Our experts can work closely with your team; using techniques similar to your adversaries', we can help your team understand what to expect and potentially highlight any visibility gaps you may have in your networks.

We make recommendations on how to prevent, detect and respond to potential real-world attacks which have been identified within your organisation and its networks.

An on-site debriefing of the findings explains how attackers could potentially gain control of your systems and/or exfiltrate data.

A comprehensive report is written which contains an executive summary and is consumable by anyone in the organisation regardless of their technical background.

The report also includes enough detail to allow you to understand the attacks, along with concise and clear guidance on how to potentially prevent, detect and respond to them.