Supply chain security and red teaming involve assessing an organization’s ability to detect and respond to a real-world breach event. As corporate and software development environments evolve with the adoption of new technologies such as cloud, microservices, containerization, and Kubernetes, so does PreCog Security’s focus on performing a guided audit or test against an organization or a testing object. This approach can include performing an audit and developing a process according to ISO 27001 for an organization, or verifying the security level of an application according to OWASP ASVS (Open Web Application Security Project – Application Security Verification Standard). When a company wants to simulate a realistic threat against a system and find vulnerabilities, it is suggested to perform penetration testing on an application, network, or organization. The company thereby simulates an attacker of a certain skill level and matches the hired testers to that attacker’s skill set in order to discover vulnerabilities or risks.
Classic red teaming also falls under this category: it simulates an adversary of a specific skill level, with a longer engagement period than a regular penetration test and broader rules of engagement, which allow more freedom while testing. While red teaming is very useful for detecting new avenues of risk, it is expensive and usually provides only the single path that the red team took to compromise the organization.
In both cases, the focus is either on broad risk assessment and asset discovery, or on performing very specific checks and assessing risks for an application or part of the system.
The PreCog Security approach is about leveraging available frameworks, customer resources and infrastructure, and our expertise in order to build a customized risk framework. Our team consists of a diverse lineup of professionals, from C-level security strategy executives with backgrounds in some of the largest IT enterprises, like McAfee and Intel Security, to experts with prior industry expertise, to academic experts with PhDs in information security. The diversity of our team enables us to view every security problem or every element of your enterprise from multiple viewpoints and to scale our approach from the finest technical detail to C-level and boardroom executive reports.
Our approach to strategic risk assessment and analytical red teaming blends three critical areas and phases:
Phase 1 – Baseline assessment and identification (where is the organization now)
Phase 2 – Customized Risk Framework Development (where the organization wants to be)
Phase 3 – Implementation of Risk Framework (how the organization is doing)