Our Services

Professional ethical hackers train and conduct “War Games” with clients as a two to three day program to improve cyber readiness.

To improve your organization’s effectiveness at responding to high-risk cyber incidents, our ethical enterprise hackers:
  • Provide your personnel training, including scenario-specific table-top exercises
  • Conduct live exercises with them to practice what they were taught with the tools they have
  • Assess the strengths and weaknesses of their war game performance
 

Table-top exercises help connect-the-dots among: technology, policy, and process

Why You Need Threat Emulation

Military organizations have long conducted war games to educate and hone the skills of their soldiers, to improve the organization’s overall military preparedness. Military experts do not argue whether exercises should be conducted but how many should they run, for what scenarios, with what constraints.

The need for cyber war games for the enterprise is far greater. The enterprise can be attacked on any given day, again and again, with absolutely no warning. It is the unknown security holes that executives should fear most. The known ones can be fixed before hackers use them.

These war games help expose:
  • Flaws in your security policies and practices
  • Misunderstandings amongst your personnel as to their individual roles and procedures
  • Under-appreciated inter-dependencies among personnel/roles
  • Misconfigurations of tools that permit something that ought to be blocked or fail to capture data vital to responding effectively

Threat Emulation Scenarios

  •    Targeted malware attack
  •    Compromised email system
  •    Critical denial of service
  •    Lateral intruder movement
  •    Domain controller breach
  •    Mass data exfiltration
  •    Customer database leak
  •    Business partner hacked
  •    3rd party breach notification
 

How Threat Emulation Benefits You

For each of the covered scenarios, your personnel learn best practices that they must execute when cyber adversaries strike. The live war game exercises help them better understand these practices. More importantly, through exercises and the post-war game discussions with our experts, your personnel gain insight into how to institutionalize the lessons learned.
Enterprise executives get meaningful insight into the readiness of their organization to withstand the kind of cyber attack scenarios that have been harming organizations like theirs. If shortcomings are discovered, executives learn what they are, their significance, and potential next-steps for addressing them. After these next steps are completed, your organization is stronger.
And if ever asked about what you did to protect your customers from reasonably foreseeable risks, Threat Emulation enables you to assert that you went far beyond paper exercises to improve your organization’s security posture.

How Threat Emulation Works for You

Typical projects run two to three days, depending upon the scenarios covered. Customers can choose to cover different scenarios at different times, and for different personnel groups. Scenario training precedes war games. In selecting scenarios to cover, we help you identify the kinds of personnel to schedule into the project.
Threat emulation consists of specialized penetration tests whereby an ethical hacker emulates your adversaries by executing the same methods and tactics, but in a manner that does no harm. For example, the mass data exfiltration scenario employs fake data.
Threat Emulation projects wrap up with discussions between one or more of our ethical hackers and your personnel involved in the war games. They share their observations and lessons learned. Later, Tangible Security provides a report on the prioritized findings and recommended next-steps.