Prism Infosec, an independent cybersecurity consultancy,has introduced PULSE testing service. The service aims to help entities that may not have the resources to dedicate to a full-scale red team exercise and assess their defense capabilities against real-world threats.
The company says PULSE fills the gap between penetration testing and red teaming, offering a fast and thorough testing approach to help organizations better understand their security posture.
Penetration Tests are contained evaluations that assess security boundaries and controls of distinct systems that excel at the analysis of specific vulnerabilities contained to specific control planes of individual systems.
In contrast, red teaming is a real-world test of the organization’s defenses against threat actor activities and capabilities. The tester adopts a more opportunistic approach that more closely mirrors the attacks the business could expect to be subjected to.
PULSE evaluates the security of a company’s perimeter, endpoint security, and environment from the point of view of a time-limited opportunistic threat actor.
Conducted over five days using techniques aligned with the MITRE ATT&CK framework, tests are carried out that are flexible, repeatable and measurable. Suitable for organizations that have invested in security tooling but lack a full-time dedicated Security Operations Centre (SOC) and staff, the timeframe and methods used ensure PULSE tests are not disruptive while still subjecting systems to rigorous assault.
David Viola, Head of Red Team at Prism Infosec, says while Red Teaming is an excellent tool for exercising security tooling, staff, policies, and procedures in a realistic, secure, and safe manner, not every company is ready for the cost, time, and effort that a whole red team engagement requires to deliver value for the business.
PULSE enables businesses to test their systems in the real world without the commitment or disruption associated with red teaming.
“The PULSE tests emulate the approach an opportunistic cyber threat actor would take when seeking to breach the perimeter, establish a foothold, and compromise the environment all within the space of a working week.”
He says PULSE’s methodology is designed to rapidly test multiple different payloads and delivery mechanisms similar in approach to purple teaming, which combines offensive and defensive tactics and involves the following steps:
- Scoping – Red Team consultants capture the information needed for a successful engagement.
- PULSE Test Plan – A tailored test plan is devised based on the PULSE methodology and the findings from the scoping questionnaire.
- PULSE Preparation – The client provides the prerequisites while the consultant prepares payloads, infrastructure, and tooling.
- PULSE Perimeter Assessment – Testing begins with assessing the perimeter using different payload delivery techniques.
- PULSE Attack Surface Assessment—Successful payloads are tested against installed security solutions to establish which trigger an alert, which are blocked, and which penetrate the business.
- PULSE Environment Assessment – Using a successful payload, an assessment is made of how far a threat actor could penetrate the environment.
- PULSE Report – The outcomes of all three phases are then documented, along with recommendations to harden the environment and suggestions and advice for follow-up testing to improve security posture.
PULSE can be customized to enable testing specific to the customer environment, such as through the addition of physical testing using social engineering and physical breach techniques.
More information on PULSE can be found here.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.