Offensive and defensive security
Offensive security is a proactive and adversarial approach to protecting computer systems, networks and individuals from attacks.
In contrast, defensive security measures are focused on seeking out the perpetrators and in some cases attempting to disable or at least disrupt their operations. Defensive activity focuses on reactive measures, such as patching software and finding and fixing system vulnerabilities.
Our penetration testing services allow you to methodically identify threats to your organization and identify real world risks.
We base our approach on several well-known frameworks:
OWASP - Open Web Application Security Project For all types of application security, the Open Web Application Security Project (OWASP) is one of the most recognized frameworks. This methodology, developed by a community of security professionals, has helped many organizations to mitigate security risks in their web and mobile applications. Leveraging the approach described in OWASP’s web and mobile security testing guides allows us to efficiently and consistently identify common security issues that stem from insecure development practices.
PTES - Penetration Testing Execution Standard is a network penetration testing framework created by a community of seasoned security professionals, which comprehensively describes tools and tactics to scope and conduct network penetration tests. It includes conceptual guidelines such as preparation work, information gathering, and threat modeling, but also covers practical information on how to conduct reconnaissance, exploitation, and post exploitation activity. We leverage this framework to design effective security assessments and maximize on our ability to report on security gaps
To deliver the engagement, we apply the following methodology based on several years of experience:
Identification of the attack surface,
Manual & Automated tests,
Attempts to break in,
Perform lateral movements,
Report the findings,
Our type of tests
We can perform engagements in 3 different modes :
- Black box: no information communicated in advance about the targets in scope, except for the targets’ address or domain names,
- Grey box: the client gives provides minimal information to begin the engagement. As the engagement progresses, they supply more information so that the team can cover more ground and not remain blocked on a specific point,
- White box: the source code, full configuration information, architecture documents, etc. are made available to the security team.
The main difficulty is to find the right balance between allocated time and information availability. The objective to simulate the impact of a real attack at a fraction of the time and cost. This is why we recommend a grey / white box approach to improve the return on investment for the client.
The mindset of the team is to be fully transparent with the client by delivering a high-quality report composed of:
- A high-level executive summary: where we translate the vulnerability from a technical context into a business context to help management understand the consequences of a successful attack,
- A technical section: where vulnerabilities are prioritized by their potential impact,
- All scripts, command, software: or other artifacts used to identify the vulnerability are described in the report, in case the client wants to replay the attack,
- A high-level conclusion: in which we provide our opinion and recommendations about the security of the targets in scope.
Our Added Value
Regular penetration testing and red team exercises can vastly improve your security posture by providing you with a prioritized ‘To Do’ list of security issues to fix, but also improve your team’s reactivity to real-world attacks:
- Practical exercises familiarize your team with the tactics, techniques and procedures of real-world attackers.
- Regular testing helps you eliminate security gaps that arise as part of your infrastructure and processes’ growth.
- Our approach not only takes business risk into account, but also cost of remediation. This allows you to focus on the assets that are most at-risk with the resources that are at your disposal.
Trust means Proximity
As trust and proximity are strongly linked together, our team can support you with a high availability all around Switzerland. We can also ensure management proximity, as ELCA Security is a real Swiss and independent actor.
Begin your cybersecurity journey
Cybersecurity is an investment on a long-term perspective to anticipate future potential cyber-attacks and limit their impacts on daily business.
For most companies, it is not justified to invest substantial amounts in this domain. This is why ELCASecurity proposes several discovery assessments to allow you to make a first step into the Cybers Provide a high-level overview of your Cybersecurity maturity and deliver strategic recommendations.
These types of engagements are focused on SMEs, as they are missing resources in this domain. We can cover several advisory domains:
- Flash Risk assessment:Provide a high-level overview of your Cybersecurity maturity and deliver strategic recommendations.
- Flash Compliance assessment:Verify compliance with nLPD, GDPR, ISO27K
- Flash Data Protection:Check if data processed could be compliant with the current data protection laws applied in the country.
- Flash Cyberdefense readiness:Determine if your Defense-in-depth strategy is setup correctly and can detect & block advanced Cyber-attacks.
- Flash Discovery Pentest:Provide a high-level overview of your Cybersecurity maturity and deliver strategic recommendations.
Red Team engagements are focused on objectives previously defined and validated by the client. This exercise is a simulated attack attempt to test how an organisation's security team responds to cyber threats. During the test, the team focuses on the pre-defined mission objectives, seeking to access sensitive information on multiple fronts and avoiding detection by the client.
As such, the process usually involves more people than a standard penetration test. By spending more time on the reconnaissance phase and with more resources, the results found by a Red Team can lead to a deeper understanding of the level of risk to the organisation.
A Blue Team exercise is an attack simulation that focuses primarily on the effectiveness of a defence team and its ability to detect, block and minimise cyberattacks. These exercises simulate threats that have the potential to cause significant losses to an organisation. During the exercise, a Red Team simulates attacks targeting the organisation's infrastructure to exploit vulnerabilities in systems and applications on the network.
The objective of the Blue Team is to respond to the attacks by launching appropriate countermeasures to isolate the infected assets and generally thwart the attack. At the end of the exercise, the Red Team will discuss their attack methods and actions so that the Blue Team can confirm their findings and then identify and correct the missed attacks.
Purple Teaming is an exercise where Red and Blue teams work closely together in a pre-defined exercise to improve their capabilities to prevent and detect cyber-attacks, through continuous feedback and knowledge transfer. The Red team exercise simulates multiple types of attack throughout the engagement, launching the attack and waiting for the Blue Team to detect and respond. It identifies any weaknesses or gaps in detection and response and provides insight on how the issue can be remediated.
The result is actionable improvement to your defensive capabilities against real-world threats. Purple team exercise provides an excellent return on investment by helping you maximize the value of existing defensive controls.
Computer Security Incident Response Team (CSIRT)
Computer Security Incident Response Team - Our team of specialists can quickly & efficiently respond to security incidents, regaining control and minimizing damage and loss.
With our strong experience, we can support you in managing internal communications, responding to media enquiries, handling any personnel issues in the case of insider action, etc.
We can support you by putting in place an efficient communication structure that will minimize damages by communicating in a quick, honest and transparent manner.