Penetration Testing that Reflects a True Attack
Nation states, criminal gangs, political activists and recreational hackers are just some of the threats faced by organizations today. Despite their different motives, these threat actors have one advantage in common. Time.
While typical penetration tests will be conducted within a rigid time window, BlackBerry® Red Teaming from BlackBerry® Cybersecurity Consulting occurs over an extended period. Testers will observe targets and choose times when attacks will be most effective—just as a malicious attacker would.
How Does it Work?
Prior to commencement of the service, your BlackBerry Cybersecurity consultant will work with you to define the testing scope and the acceptable level of invasiveness and disruption. The time scale, number of exercises and targets will also be agreed upon.
Simulated attacks may be delivered in multiple formats:
- Social vectors
- Physical assessments
The result will be a full understanding of your organization’s defences and will take into account your security culture and readiness as a whole.
Remote Surveillance and Discovery
On-site Attacks and Testing
Unauthorized access can be gained by tailgating, cloning access cards, using a fake persona or exploiting weak security measures.
Once on-site, testers can attempt to gain access to the server room and look for further vulnerabilities.
A tester can attempt to gain access to physically unsecured documents that may reveal sensitive information.
If testers gain access to the internal network, they can assess and exploit network vulnerabilities.
Once a device is obtained, applications on the device can be exploited, and sensitive information can be revealed.
If source code of an application written by your organization can be obtained, a competitor could acquire the same information.
Credit-card-sized PCs can be hidden behind tower PCs or furniture to intercept and transmit data from an internal network over SSH.
Tiger scenarios provide real-time, real-life feedback on how an organization would respond to a real-time security threat.