Loki Labs can provide a full range of cyber security services for clients of various sizes to suit needs of vastly different scales. It’s important to set the scope, based on your needs, at the outset when requesting services. For government clients, or larger companies with dedicated cyber security teams, we offer Red Team services. In those engagements, we can emulate a specific threat, such as a nation state actor or cyber criminal organization, utilizing representative tools and techniques to survey and breach a network. The purpose of this is twofold. Firstly, it is to evaluate the security of the network. Secondly, it is to evaluate the capabilities and response of the cyber security personnel (blue team). We are capable and experienced at providing this service, however, it may be more than is really necessary for clients without a dedicated defensive team, or for situations were a more tailored approach is needed.
We can offer similar services with a penetration test but in a shorter time frame and without threat emulation. We follow a methodology similar to what a hacker would use to probe your network for vulnerabilities and attempt to gain access using our standard tool kit. If exploitation is authorized, we will use tools to gain and expand access into the network, just as a hacker would do. We make every attempt to prevent system instability, though there is always some risk when using exploits. This; however, is the most thorough way to detect and verify vectors for potential compromise. Of course, this doesn’t have to be “all or nothing”. There can be set conditions where exploitation is authorized when a tailored approach is desired.
In a vulnerability assessment, we don’t use exploits to attempt to gain access. We probe the network to find potential vulnerabilities and gather as much information as possible, but don’t progress past that stage. While not as thorough as a full penetration test, it has a much lower risk of causing system instability and can still be very helpful in finding and fixing potential access vectors.
At any scale, we provide a detailed report after the evaluation concludes. This report details all findings and provides suggestions for taking action to correct any security issues.