Cyberis Blog

Reassuringly clear thinking.

  • Penetration testing
  • Red teaming

Dead canaries in your network

When an adversary is inside your network, the faster you can detect and remove the intrusion the better.  Even if you don't have a "network" per se – even if you are running a pure zero-trust environment – detecting an attacker at work early will give you the upper hand. Even with sophisticated EDR products in the mix, criminals can often introduce malware to an environment to gain a foothold in a way that isn't detected.  Introduction of malware and establishment of a foothold is critical to criminal operations and so today's criminal gangs spend a great deal of time and resources using tradecraft and techniques to bypass the detective and preventative controls running on user workstations.  Even with a really good set of tools in the hands of an experienced defence teams, there is a good chance of criminals starting their attack chain without being caught. Using canaries can help you stay ahead.

Read more
  • Detect and respond
  • Red teaming

Using Red Teaming to upskill detection and response teams

When we talk about red teaming, it's quite easy for people to understand the benefits of using attacker techniques in our approach when it comes to exploring a particular attack pathway and to see the benefits of identifying the chains of vulnerabilities that allow a compromise to happen.  Quite frequently, though, people underestimate how effective red teaming can be when it comes to upskilling detection and response teams. I'd like to give an example of how - run well - red teaming can be used to improve detection and response outcomes.  This is, of course, an anecdote, but it certainly gives an idea of how performance changes when teams are challenged in the right way.

Read more
  • Red teaming

How Red Teaming can help you identify systemic weaknesses and control gaps

Working with mature organisations, we use full chain attack simulations to identify high level weaknesses and control gaps that simply aren’t highlighted by standard approaches such as traditional penetration testing.

Read more
  • Penetration testing
  • Red teaming

Using penetration testing to achieve different assurance outcomes

Penetration testing can be used in many different ways to meet different goals, and there are several different types of penetration test.  We’re always trying to understand our customer’s goals so that we can make sure we’re applying the right methodology to your penetration test to achieve the outcomes you want.

Read more
  • Detect and respond
  • Red teaming

Using Red Teaming to validate the performance of an outsourced managed service provider

Red teaming can provide assurance within a wide range of business scenarios.  One interesting scenario we explored recently with a customer, a firm within the education sector, involved a situation where they had outsourced detection of security incidents to an external MSSP.  As a result of a governance audit, our customer needed to determine whether the detective and corrective capabilities of the managed security services and associated internal technical controls functioned as expected across several lesser-seen compromise scenarios.

Read more
  • Attack surface discovery
  • Red teaming

Shadow IT and Technical Debt: The Adversary's Allies

Shadow IT increases your business' security risks and is invisible to you. It might not be covered on your asset lists, because your asset management lists are incomplete. It might have no assigned owner, either because it doesn't fit neatly into any business unit, or isn't related to any current operational priorities but hasn't been fully decommissioned yet. It might have been installed outside of usual processes, either without authorisation or because usual processes were overridden.

Read more
  • News
  • Red teaming

Cyberis Becomes CBEST Approved

Cyberis has announced that it is now an approved Penetration Testing provider under the Bank of England (BoE)'s CBEST scheme. CBEST is a framework run by the Bank of England through the industry body CREST that delivers controlled, bespoke, intelligence-led cyber security tests, to increase the resiliency of financial services organisations against cyber attacks. Regulators such as the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA), have integrated the CBEST security assessment framework into their supervisory strategies.

Read more
  • Red teaming

The human cost of social engineering

In the security industry, we will often talk about people being the weak link. We spend our time outlining the ways that people will fail, or be fooled, or will be tricked. Of course it’s important that we, and our customers, understand the fallibility of people in any security assumptions we make. On the other hand, we also have a moral and ethical obligation to look after the very people we are targeting, and to avoid causing undue distress. “Social engineering” is a bloodless, sterile term. We call it “social engineering” because it covers a lot of different bases, and it sounds more professional than the alternative – “lying to people”, “abusing trust”, “betraying relationships”. These are tactics that adversaries use mercilessly and without consideration for the impact on the victims. If we are to accurately simulate the attack chain and the activities of adversaries, then we need to adopt these tactics as well.

Read more

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Contact us About Cyberis