Offensive and defensive security
Offensive security is a proactive and adversarial approach to protecting computer systems, networks and individuals from attacks.
In contrast, defensive security measures aim to identify and stop attackers, even by disabling or disrupting their activities. These measures are reactive, such as patching software and resolving system vulnerabilities.
We provide ethical cybersecurity assessments that identify and safely exploit vulnerabilities in order to reveal successful attack paths.
We base our approach on different well-known frameworks:
OWASP is a popular framework for application security. It was created by an experienced community and helps organizations identify vulnerabilities in web and mobile applications, including complex flaws resulting from insecure development practices. The framework offers guidelines and controls for pentesters to assess a wide range of application functions.
PTES, a pentest framework developed by a team of security professionals, presents a suggested, systematic process for performing security assessments. It encompasses the phases of preparation, information gathering, and threat modeling. By integrating the optimal components of diverse frameworks, the assessment can more thoroughly address a client's attack surface.
To deliver the engagement, we apply the following methodology, based on several years of experience and “try & fail”:
- Identification of possible entry points,
- Manual & automated tests,
- Attempts to break in,
- Perform lateral movements,
- Report the findings.
Our types of tests
We can perform engagements in 3 different modes:
- Black box: we don’t have any information in advance about the targets in scope, except the targets’ address or domain names,
- Grey box: the client gives us minimum information to begin the engagement. Then, they can supply more information on demand so that we can go deeper and not remain blocked on a specific point,
- White box: the source code, full configuration information, architecture documents, etc. are available.
Finding the balance between time and information availability is crucial. The goal is to simulate a realistic attack within a restricted timeframe, although real attackers may have months for reconnaissance. That's why we suggest a grey/white box approach to enhance development security operations, maximize the client's return on investment and support growth through a unique learning approach.
The mindset of the team is to be fully transparent with the client by delivering a high-quality report composed of:
- A high-level executive summary where we move the vulnerability from a technical context into a business context so that management understands the consequences in case of exploitation,
- A technical section where vulnerabilities per domain are sorted by remediation order. To sort them, we use specific and easily understandable criteria that take the business/technical context into account,
- All scripts, command lines, software etc. used to uncover the vulnerability are described in the report, in case the client wants to replay the attack themselves,
- A high-level conclusion in which we give our opinion and recommendations about the security of the targets in scope.
Our Added Value
Several added values can be identified with this type of engagement. Amongst others:
- Giving your team members real experience in dealing with a security breach,
- Uncovering security aspects that are lacking from a technological or process point of view,
- Uncovering the most-at-risk routes to your sensitive assets.
Trust means Proximity
As trust and proximity are strongly linked, our team can support you with high availability all around Switzerland. We can also ensure management proximity, as ELCA Security is a truly Swiss and independent actor.
Begin your cybersecurity journey
ELCA Security offers discovery assessments for companies to take their first step towards cybersecurity. These assessments provide a high-level overview of cybersecurity maturity and deliver strategic recommendations. We believe that investing in professional development that empowers individuals is crucial for organizational growth and success.
These types of engagements are focused on SMEs, as they lack resources in this domain. We can cover several advisory domains:
- Flash Risk assessment: Provide a high-level overview of your cybersecurity maturity and deliver strategic recommendations.
- Flash Compliance assessment: Verify compliance with nLPD, GDPR, ISO27K.
- Flash Data Protection: Check if data processed could be compliant with the current data protection laws applied in the country.
- Flash Cyberdefense readiness: Determine if your defense-in-depth strategy is set up correctly and can detect & block advanced cyber-attacks.
- Flash Discovery Pentest: Provide a high-level overview of your cybersecurity maturity and deliver strategic recommendations.
Red Team engagements simulate attack attempts based on client-defined objectives to test an organization's response to cyber threats. The team focuses on accessing sensitive information on multiple fronts and avoiding detection by the client.
As such, the process usually involves more people than a standard penetration test. By spending more time on the reconnaissance phase and with more resources, the results found by a Red Team can lead to a deeper understanding of the level of risk to the organisation.
A Blue Team exercise is an attack simulation that focuses primarily on the effectiveness of a defence team and its ability to detect, block and minimise cyberattacks. These exercises simulate threats that have the potential to cause significant losses to an organisation. During the exercise, a Red Team simulates attacks targeting the organisation's infrastructure to exploit vulnerabilities in systems and applications on the network.
The Blue Team's objective is to launch countermeasures to isolate infected assets and thwart attacks. After the exercise, the Red Team will discuss their attack methods and actions so that the Blue Team can identify and correct missed attacks. This not only expands knowledge but also strengthens your company's indispensable cybersecurity skills.
Purple Teaming is a joint exercise between Red and Blue Teams that aims to improve their capabilities in preventing and detecting cyber-attacks through continuous feedback and knowledge transfer. The Red Team simulates various types of attacks to test the Blue Team's detection and response capabilities, identifying weaknesses and providing insights on how to remediate issues.
The result is actionable improvement to your defensive capabilities against real-world threats. A Purple Team exercise provides an excellent return on investment by helping you maximize the value of existing defensive controls. It results in fundamental learning paths and trains your key skills for a secure future.
Computer Security Incident Response Team (CSIRT)
Our team of specialists can respond quickly and efficiently to security incidents, regaining control and minimizing damage and loss.
With our strong experience, we can support you in managing internal communications, responding to media enquiries, handling any personnel issues in the case of insider action, etc.
We can support you by putting in place an efficient communication structure that will minimize damage by communicating in a quick, honest and transparent manner.
At ELCA Security, we understand the importance of offensive and defensive security measures to create a path to a secure future. Our community resources and financing options enable unmatched skills development and provide opportunities for the exploration of creative ideas. Our trial process equips users with hands-on learning experiences and pattern recognition skills to enhance their understanding of cybersecurity. Our learning library provides access to a wealth of information and resources, elevating the cyber workforce and preparing them for any challenges they may face. Our hands-on learning platform and penetration testing services allow users to develop practical skills and apply them in real-world scenarios. At ELCA Security, we are committed to adapting to the ever-changing landscape of cybersecurity and are always exploring new ways to improve our offerings and support our users in their learning journey.