The objectives of the NAASE framework are to assess and enhance resilience against sophisticated attacks so that security controls can be efficiently aligned to the unique threats looming at present. Attack simulation scenarios are created by identifying the most likely adversaries, and the attack vectors are combined to form a kill chain. The goal of these exercises is to assess the capability of an enterprise to detect, prevent and respond to cyberattacks that may impact Critical Functions or business continuity.
NAASE exercises simulate the full end-to-end cycle of a cyber attack, replicating actions and procedures utilized by real-world adversaries with a high level of intent, sophistication, and capability. The remediation enablement modules of the service provide in-depth assistance to fix failed controls and improve the detection capabilities of the SOC.
During the open-source intelligence (OSINT) and dark web enumeration phase of NAASE, NetSentries collects data about the target organization from publicly available sources, in a completely zero-knowledge manner, for use as intelligence in the later steps. The collected datasets are risk-scored and correlated with each other to identify possible unknown threat vectors. Business risk scoring helps organizations to take necessary preventive, proactive actions.
Red Team (RT) exercises are sanctioned, planned, risk-managed, and objective-driven cybersecurity assessments that simulate highly sophisticated targeted attacks against an organization. The exercise includes external simulations like advanced spear-phishing, attacks against application channels, and advanced post-exploitation actions like persistence, lateral movement, data exfiltration, and password dumping. Internal simulations, carried out from the position of a determined insider attacker, verify the effectiveness of logical and physical security controls related to People, Processes, and Technology.
The organization's internal Blue team is a part of this exercise, working with the NetSentries Red team to conduct objectives-based assessments that mimic known and quantifiable threat actors. The Blue team assesses the Techniques, Tactics, and Procedures and builds and configures their detection and response capability in line with these known approaches.
NetSentries provides assistance to fix failed security controls, provides advice on deploying compensating controls where an immediate fix is not possible, and helps create a roadmap with prioritization to address high-risk gaps and continuously improve the organization's overall security posture.
The results from the adversarial simulation are used to support strategic planning for the remediation of failed incident detection. Advanced services such as support for log baselining, events of interest definition, selective log forwarding recommendations, use case/correlation rule definitions, and monitoring dashboard development are provided to improve the Detection and Response Posture.