Threat Simulation for Financial Services Firm
Please find below a summary covering project details and feedback. The facts themselves are kept as they are; private information has been amended.
Introductory information
A brief introduction to the buyer’s organisation
I’m the director of the security operations center of a fixed annuities organisation. I’m in charge of vulnerability analysis, incident response, and security patching.
Desired goal
What challenge were you trying to address with Silent Break Security?
We run both internal and external penetration tests on an annual basis, and we’ve always subscribed to the idea of changing external penetration testing companies on a semi-regular basis. This can be 2–3 years, depending on what we’re doing. Bringing in new partners introduces us to new methodologies for finding vulnerabilities and attacking systems.
Provided solution
What particular tasks were they responsible for?
We spoke briefly to discuss our needs and determine the objectives they’d be attacking. Then, after agreeing on a statement of work including a timeframe, expected outputs, and warranty time length (not many vendors provide this), we articulated rules of engagement.
They began with black-box tests to test our running security and response to their intrusions. I was largely out of the loop as to when the tests would occur, so as not to be biased, but I knew a general time (within two months). We caught their attacks multiple times and asked them to pivot to a gray-box approach. In this case, we gave them access to our environment to understand what would happen if someone did break in. We logged what we saw during that process and confirmed our findings with them. They let us know what we did and didn’t spot and what they actually did, so we could remedy our weaknesses.
Was there a dedicated team?
I worked with their account director on any issues, but I’m not sure how many people worked for us. Two Silent Break resources handled the attack phase, and we interacted with them via a web portal. The tool let us upload details of the engagement and made interaction easy.
How did you come to work with Silent Break Security?
My boss recommended them after speaking with them at a conversation. We considered several other companies, including one we’d used in our last round of testing, but Silent Break’s caliber of reporting won me over. I appreciated their recommendations for fixes, as well as their data’s readability.
What were your approximate expenses (if disclosed)?
We spent $50,000–$100,000.
What is the end result of working with them?
We worked together from November 2017 until January 2018. We did a second test in February 2019, and we plan to work with them again later this year.
Results achieved
Are there any measurable or tangible results?
Silent Break’s findings were always easy to follow, and we made the changes they recommended. While they had a huge impact, it’s hard to pinpoint because we’re measuring it against what might have happened had we not plugged those holes.
During the developed tests, we were able to execute our incident response program and see how my team would respond to a real attack. We’d spent a lot of time revamping our incident response time over the past 18 months, and it was valuable to see the effectiveness of those efforts.
How did Silent Break Security perform from a project management standpoint?
Silent Break was very responsive to emails, and they kept us on target. We were running multiple projects, making it easy to get sidetracked, but it was refreshing to be pushed to meet our goals. Once the tests began, it was easy to get a hold of Silent Break and ask if they were behind the suspicious activity we were observing.
Their reports were complete and came on time. A typical penetration test can produce a lot of results, and it can take a while to go through them. Silent Break was easy to work with after the testing was done, confirming some of their findings and validating that we fixed any issues.
What is, from your point of view, the key factor to pay attention to when working with them?
Their attention to detail is great, but the true differentiating factor is the client service. I’ve called Silent Break multiple times, and someone I know and who was aware of our project always answers. Right before we began, we upgraded our app to a new platform, and Silent Break agreed to push the date multiple times. This stretched into a new calendar year, and they were well within their rights to back out. They stayed with us the entire time, however, and were right beside us when we got the new version ready.
They seem to be a tight-knit organisation where everyone knows what’s going on and can respond to clients. We’ve had multiple real testing engagements with other vendors, and Silent Break is surely at the top. We’ll likely use them again.
What aspects of their work would you like to see improved?
I don’t know if there’s much they could’ve done differently. We’ve run a couple of engagements with them, and I believe their understanding goes beyond even what I’ve seen. Silent Break has services we haven’t utilized, but we’ve simply never needed them.