Hackers have been attacking networks since the mid 1980s and penetration testing has matured and developed over the years as the industry becomes more established.
Intelligence led testing is the natural next step as organisations seek to put their systems through their paces with realistic scenario based testing campaigns.
Whilst traditionally the greatest form of defence is good offence, in the case of threat intelligence it could be argued that the opposite is true. Understanding the threats, anticipating events, recognising when you have been attacked and knowing what to do about it is all very important.
Despite the constant real world evidence, many public and private sector organisations still dont believe they would be the target of an attack. This mindset needs to change and they need to become far more aware of what is going on around them, so they can identify when an attack has taken place or is imminent. Consequently; the concept of cyber threat intelligence is now pervasive and the number of providers is on the rise.
Boards and senior executives need to ask themselves what threats they face; what risks do these pose to their information assets and what should their response be. Advanced threat intelligence will help an organisation understand the specific threats they face and the vectors those threat actors are using. In order to take the next step and evaluate what level of risk these threats pose to their information assets; many companies are employing Intelligence Led Testing to enact specific identified attack scenarios within a controlled environment. Based on reliable intelligence this enables them to test their networks against real risks they know to be out there. Portcullis service in this arena is called RedIntel.
These scenarios work best where risk is managed by a combination of people, processes and technology. People are your greatest asset but also your most likely risk. Testing and evaluating how your organisation stands up to attack and the success of these processes, particularly in areas where you have developed specific capabilities to better control risk, is an integral part of good defence.
Portcullis RedIntel service seeks to emulate real life situations. Taking its inspiration from age old physical security attacks designed to evaluate levels of protection in the theatre of conventional warfare, this method is being successfully applied to cyber security. The red team refers to the attacking force, as opposed to the blue team whose job it is to defend. The scope of the attack is decided in advance and the nearer the exercise can get to emulating a real world attack, the more useful it will be.
Not all organisations will have a security posture mature enough to engage our RedIntel service, but it is the way forward and where pioneers lead, others will follow.
“If you know your enemy and know yourself; you will never be defeated in battle.” – Sun Tzu The Art of War