ADVERSARIAL SIMULATION

White Oak’s Security Testing provides an in-depth test of your mission-critical systems with highly detailed results – allowing you better understanding of your risk and your compliance issues

Adversarial Simulation is a term that takes into consideration a number of security testing approaches that go beyond standard penetration testing.  Red Team exercises, Social Engineering, and Threat Emulation can all shine a light on threats and risks that may not be identified through a single, asset-focused process.

By incorporating process, training, technical testing, and people into the mix, White Oak can provide insight into not only issues that may affect an application or your infrastructure, but also gaps in the overall security environment - including defensive tools, monitoring, and gaps in training (or the need to repeat training). 

redteam.png

Red Team

White Oak Security's Red Team Service is an adaptive threat actor emulation on networks and host systems as identified by the client.

Our approach will combine elements of penetration testing with social engineering to evaluate the organization’s ability to detect and respond to advanced adversaries.  Our methodology differs from a standard penetration test by incorporating many tactics, techniques and procedures that are out of scope for a penetration test. 

While all Red Team exercises are highly defined with and by our clients, during the course of the engagement our team may leverage phishing, simulated malware payloads, physical attacks, “dumpster diving,” social engineering, and more... 


socialeng.png

Social Engineering

Regardless of the technological or physical security measures you implement, the strength of your environment and organization comes down to the training, awareness, diligence, and honesty of your organization’s trusted employees, contractors, and vendors.

White Oak Security will work with your organization to identify areas of concern.  We perform target identification and information gathering, followed with persuasion and deception techniques in an attempt to gain access to sensitive information or systems. These efforts identify gaps in training or areas in which existing training needs to be altered or re-emphasized.  We will work with you to build a training approach (and deliver that training if desired) that will provide your employees the information, habits, and process that they need to combat these social engineering techniques.


gearshield.png

Threat Emulation

Our Threat Emulation service can also be called a 'Purple Team' exercise.  The goal is to perform in-depth penetration testing in a step-by-step manner while actively working with our client's SOC and security team to both find vulnerabilities and test their defensive and detective capabilities.

Are your detective controls working as they should?  If not - how do we get them tuned properly?

Does your response process work effectively to active threats?  How can it be made more effective?

Is training properly preparing the team to respond?  What can be added or modified to make that training more impactful?

Today's companies invest a great deal of time and effort (and money) in security controls and security training - are those investments paying off and how can they be maximized?