How Secure is Your Network?
Also known as penetration tests or red teaming, our security assessments are performed by world-class cyber operators in the form of real-world engagements.
Loki Labs performs different types of assessments, depending on the organization’s needs. Whether the focus is to find weaknesses in a network or prove regulatory compliance, we can help. After the assessment, we provide full reports, fix vulnerabilities, and offer training.
Our assessment reports are exhaustive – with guidelines and recommendations for fixing identified vulnerabilities.
What good is an assessment if you’re left without a resolution? Loki will work with you and your team to verify that vulnerabilities are fixed and no longer usable by an aggressor.
Training staff to detect and defeat us is a top priority. We can use the assessments as a training opportunity for all interested parties.
How it Works
We start like an attacker would, knowing nothing of a network in a “black box” scenario. We then utilize open-source research and enumeration to discover your organization’s footprint and outside boundaries, before progressing to using discovered attack vectors to obtain access into your network. Once inside, we maneuver like an aggressor in order to find weak points and vulnerabilities from within.
Internal Technical Assessments
After the simulated cyber operation, we perform a white-box audit, either with an image or system credentials. Our analysts audit systems from attack surfaces that adversaries may utilize. The goal is to provide actionable items that, when acted upon, can increase the defensive posture of the system.
Loki Labs will also perform a security architecture review – a high-level review of your network topology, security products, and policies. We create a map of all defensive capabilities and benchmark the security architecture against industry standards in order to identify gaps in the cyber kill chain and ensure your network is adhering to industry compliance regulations. Our analysts will identify topology-based vulnerabilities including any misaligned resources and configurations contributing to inefficiencies within the enterprise.
For Security Staff
Loki Labs will provide a knowledge assessment and survey to the members of IT and/or security teams. The questionnaire takes about 30 minutes to complete and will provide management with a workforce assessment of its staff with an emphasis on individual roles and responsibilities.
This can also include “war-gaming” activities where network security personnel are presented with different scenarios and tested on their responses.
For Business Staff
We simulate social engineering attacks in order to evaluate user responses to malicious activity. This is a replication of real-world threat actors to see how vulnerable your staff is to methods such as phishing, spear-phishing, baiting, and pretexting.
After the assessment, security awareness trainings can be offered to improve employee reactions to social engineering methods.
Policy and Compliance
Based on your specific compliance requirements (NIST, FISMA, HIPAA, CIP, PCI DSS, CIS Top 20, FINRA, SEC regulations, etc.), we target all implemented policies and provide a gap analysis of your security posture. We review all security procedural documents that identify existing compliance policy, procedures, and implemented technology solutions in order to identify gaps, risks, and any needed alterations. Loki Labs will help implement policy in accordance with established laws pertaining to existing compliance regulations.
This is an assessment of one or more actual physical office locations. Loki staff will attempt to gain access to buildings, parking lots, secure areas, etc. A physical audit can also test employee reaction to a variety of scenarios and methods such as tailgating into locked rooms, finding technology lying around (hardware connected to the network, USB sticks, etc.), and other suspicious behavior. On-premises assessments assist in improving overall security posture by building a more complete picture of an organization’s networks, systems, and staff.
Does your network pass the test?
Take a quick and free self-assessment to rate your organization and see where we can help the most.