Ransomware Defence Assessment
The Ransomware Defence Assessment is a blended approach of both paper audit checks and hands-on manual testing, aiming to thoroughly assess your administrative and technical controls, as well as your detection processes. We also test your ability to restore business activities quickly and efficiently should a successful attack take place.
This assessment is split into 3 key areas: Audit Checks, Infrastructure Testing & Attack Simulation.
Listen to one of our Ransomware experts break down this Pentest People Service
Robust and regularly tested procedures, policies, guidelines, and awareness training are critical components in the business-wide approach to ransomware defence. Therefore, the ‘Audit Tests’ aim to ensure that the most appropriate policies and procedures are in place along with suitable technical controls to mitigate the risk of a ransomware attack. Typical tests would include confirming backup and recovery activities, automated patch management, malware controls, CIRP and DR plans, and distribution of awareness training.
The infrastructure includes a wide range of hosts and services, all with unique security configurations, and each providing a key technical control.
The ‘Infrastructure Testing’ aims to provide assurance that your current configurations across your key hosts and services are effective and appropriate. Tests include confirming that mail filters block the most recently used malicious attachments, that data backups are appropriately secured, that compromised user accounts cannot easily access sensitive information, and that remote access solutions are configured with the most secure authentication controls.
The ‘Audit Checks’ and ‘Infrastructure Testing’ could be considered as part of the ‘Preparation Stage’ of incident response. However, the remaining steps from detection through to recovery should also be examined.
The ‘Simulation Tests’ aim to examine the effectiveness of your defence systems, but also the responsiveness of the IT team. The tests simulate ransomware activity in a controlled and non-disruptive way, allowing all stages of incident response to be played out, identifying any opportunities for improvement.
The Ransomware Defence Assessment report structure is divided into three main categories, namely ‘Audit Checks’, ‘Infrastructure Testing’, and ‘Attack Simulation’. Each test is then further divided into sections to explain the issue’s relevance in ransomware defence. It provides a view of the short-term and long-term administrative and/or technical steps that could be taken to mitigate risk.
The report also overlays the severity of each issue based on probability and potential impact on your environment. Finally, the report includes as much evidence as possible to validate our findings, for example proof of concept images, code output where appropriate, and any recommended external resources.
The Ransomware Defence Assessment Allows Access to SecurePortal
Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.
Rest assured that your assessments are performed by qualified Security Consultants.
Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.
Ransomware Service Breakdown Transcript
Pentest People’s ransomware defence assessment takes three main approaches. The first is audit testing. This simulates an internal audit, and attempts to ascertain exactly what’s wrong and what’s right with the internal processes, especially when it comes to responding to incidents. This takes the form of a long question app that you’ll answer with the help of one of our senior consultants.
The second part is infrastructure testing. This follows a similar process to our standard internal infrastructure assessments. However, there is a slight spin to make it more applicable to ransomware. What we’re doing when we’re performing that assessment, is we’re looking for any misconfiguration that could facilitate a ransomware attack propagating across a network and causing further damage. Things like out of date software, unpatched servers, and anything in the periphery of the network that could allow malicious actors in.
The third part, and we often find this is the most key part, is attack simulation. These are tabletop exercises where we go through and simulate exactly what would happen during an incident response. These can be things like making sure you have an appropriate return to business as usual plan or even ensuring that you have the appropriate retainers in place to make sure that if ransomware does happen, you know exactly who you’re calling.
Those three constituent parts make up the RDA.
Take a look at the benefits surrounding the Ransomware Defence Assessment
- Simulates the most probable internal and external attacks used to deliver ransomware payloads in a safe and controlled manner.
- Tests the effectiveness of the SIEM solution in detecting malicious behaviour on the infrastructure typical of an imminent ransomware attack.
- Includes an assessment of the configuration of the key technical controls in place to mitigate the risk of ransomware attacks, such as mail filters, anti-virus, and network segmentation.
- A concise report containing both technical and non-technical recommendations for how the risk of a ransomware attack on the client’s infrastructure could be reduced.
- Includes a Ransomware focused workshop with a senior consultant, discussing how the configuration of the client’s infrastructure compares with industry best-practice recommendations.