Immunity Adversary Simulation
Has a full scope penetration test ever failed to compromise your network? When was the last time your red team did not succeed? The reality is that given sufficient time and resources a skilled attack team will always find a way into your infrastructure. This is why the cutting edge of network defense is shifting to an incident response model that revolves around an assumption of compromise. You know you will get compromised, now what?
Immunity provides Immunity Adversary Simulation that allows you to model an advanced persistent threat from inside your infrastructure and evaluate how your security team will react to a real world offensive team that is active on your network and attempting to exfiltrate large amounts of data.
How is Immunity Adversary Simulation different from Penetration Testing?
- It is strategy driven and goal oriented towards data exfiltration
- It operates from an assumption of compromise: our team assumes the role of a competent and sophisticated threat actor that has already dug itself into your network
- It establishes real world persistence inside your infrastructure thus providing real world indicators of compromise to your incident response team
- It does not employ potentially destructive exploitation methodologies against production environments to establish access, so it is low-impact on day-to-day operations and safe to perform inside your actual infrastructure
Adversary simulation is the next step in threat assessment and incident response preparedness. Recent history has shown that the modern enterprise has to maintain a security posture that operates under the assumption of compromise. You will get compromised at some point in time and acknowledging this fact helps you prepare for the next level of incident response: dealing with an active and potentially advanced attacker inside of your infrastructure.
How It Works
Immunity deploys INNUENDO-based implants on designated systems. These implants, managed by the Immunity Adversary Simulation (IAS) team, operate at nation-state grade levels of sophistication, and communicate with their C2 servers using INNUENDO’s flexible channel-stack technology. Examples of channels include DNS, ICMP, IMAP, SMTP, HTTP, and FTP, as well as customized data exfiltration channels tailored to your specific network conditions (e.g. externally facing corporate Wiki sites and in-house corporate messaging solutions). The Immunity Adversary Simulation team will set out to achieve a series of adversarial goals using this INNUENDO-based shadow-infrastructure. Examples include large volume data exfiltration, lateral network movement and privilege escalation attacks. By doing this the IAS team generates real world indicators of compromise which are then used to prime your incident response team on how to recognize, interrupt, and prevent large volume data leaks out of your network.
To learn more about how Immunity’s Adversary Simulation can help improve your network security posture and incident response, please contact us at imu.sales@appgatedotcom or give us a call at +1-866-524-4782.
