An intruder gains access to your internal environment, performs any number of malicious acts within it, achieves its objective, and stealthily withdraws. After the intrusion is discovered, you’ll (at a minimum) need to answer these important questions:
Intrusion as a Service is specifically designed to not only facilitate your answers to these questions but introduce substantially greater levels of confidence and precision to those answers. It allows security programs to evaluate the specific threats that can be observed and/or detected, all at a much smaller scale than a penetration test or red team assessment.
Each month, you will receive a new Intrusion Package containing a deployment command and an Agent Behavior Report. After you receive the Intrusion Package, you simply need to run the deployment command in order to briefly compromise the system. The agent will become active on your system and conduct a variety of actions. Upon completion of its tasks, the agent will automatically remove itself from your system.
After the agent completes its tour of your system and/or environment, you will evaluate what you were able to observe, not only on the immediate system, but also within the entire network (if applicable). Once you have collected all of your observations, it’s time to review the Agent Behavior Report, which explains every task that the Agent performed. Comparing your evaluation & observations with the Agent Behavior Report will reveal which of the agent’s activities were identified and which went undetected.
Throughout the course of the month in which you receive each deployment command, you will have the ability to re-run that deployment command ad-hoc, in order to allow fine-tuning of your team’sdetection capabilities. At the beginning of each subsequent month, you will receive a new Intrusion Package, which will deploy a new agent that performs new actions.
While the Intrusion as a Service offering doesn't replace a penetration test or red team, it can help your team begin or continue to develop robust detections and test the human process to interpret incoming telemetry.