Engagement Services
Our experienced offensive technical team will go to work on your environment to help you learn where your weaknesses are. Going far beyond a vulnerability assessment, a network penetration test will result in our team leveraging discovered vulnerabilities to further access and determine how attackers could potentially gain access to target data.
Before deploying an application to the Internet, or even internally for your users, it is important to ensure that appropriate testing has been performed and controls have been established. Often times we have seen Network Penetration Tests and Red Team Engagements include a weak web-application or two, so get ahead of those loose ends sooner than later!
Through email and mobile phishing, phone calls, and even loitering on-site, our experienced engineers will attempt to elicit actionable information or access from your staff. Through this sort of testing, it is possible to gain a deeper understanding of the most critical and fallible attack vector – your trusted people.
Our most senior and dedicated offensive engineers will execute fully open-scoped, scenario-based operations performed on a lengthened timeline, going after answers to the very questions that keep you awake at night. Can the intellectual property at my new acquisition be stolen surreptitiously? Can our newest branch’s vault actually detect unauthorized entry in the middle of the day; what about our tellers, or security guards? We have done some truly incredible and unbelievable engagements against various areas of critical infrastructure, transportation, and finance. Is your security program mature enough to stop us?
Through our partnerships with outstanding teams such as Unit221b, we are able to offer services that go far beyond what you have come to expect from corporate threat intelligence. Not only will we establish a robust threat intelligence operation specific to your needs, but you will also benefit from the larger dataset and closed sources already in play. If your organization is mature enough, we can even teach you how to develop this capability in-house!
Pair Threat Intelligence Services with regular Red Team Engagements if you want to make things not only interesting, but as realistic as it gets; we can actively run attacks being performed against your competitors, or one better… what your adversaries were planning on doing to YOU.
Vulnerability Assessment
Cloakwire performs a complete assessment of all running services on your network, with network inspection, vulnerability scans and web-application cataloging. This is of paramount importance when trying to understand what your environment looks like.
Through our internal team and our partners at Olympic Tactical & Investigations and Setracon, we are ready to get our boots on the ground at your campus to determine where the real threats are. We will walk the property, map wireless signals, and even determine possible points of ingress or camera blind spots. With more and more physical intrusions happening on a regular basis, many of which go unnoticed, it is important to put some focus on this often-forgotten attack vector.
This service takes the standard vulnerability assessment a step further by including manual validation for all output collected. Let us handle the confirmation process and prioritization of patching so that your technical teams can rest a little easier knowing that they don’t have work to do before they get to work.
Lifecycle Assessment
Password analysis is an important piece to a larger picture about how your organization approaches security. Whether it is on the technical side, or the user side, this kind of review can open the conversation up. If current definitions are allowing phrases susceptible to password spraying attacks to be used, it might be time for a new password policy.
In-depth analysis of code and libraries from the security perspective has become more accessible over the last decade. We will implement thorough review points throughout your development lifecycle to ensure that best practices specific to your code base and use case are being followed without exception.
The underlying authentication mechanisms, controls, and data can hide very interesting associations that you may not even know about. Through analysis of Active Directory data, we can help you determine if Enterprise Admin is a few clicks away from a phished desktop. We can also help you strengthen your overall security posture by limiting connections and trusts to those only required for your business needs.