Compromise Assessment – Security Controls
A compromise assessment (security controls) aims to test how difficult it is for a sophisticated threat actor to bypass the existing security controls in place. This assessment is used to validate the strength and resiliency of existing security controls.
Use cases supporting the need for a compromise assessment (security controls) includes, but is not limited to:
- Auditing of general security controls and AD implementation
- Auditing the efficacy of your Managed Detection & Response (MDR) and/or Managed Security Services Provider (MSSP)
- Auditing the effectiveness and maturity of configurations on target devices
Canary Trap’s compromise assessment (security controls) is a “prison break” exercise that combines the following activities to ensure a robust engagement:
- Light general penetration testing on target systems, networks, web and mobile applications
- Determining the shortest path to Domain Admin access
- Determining the amount of “noise” it takes for security devices and/or your MDR/MSSP to detect, alert and (where applicable) respond
The engagement will conclude with the delivery of a Findings Report that will provide an in-depth overview of all work efforts undertaken with a clear focus on notable findings and recommendations.
Canary Trap combines human expertise with sophisticated tools, proven methodologies and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to security testing and assessments.