The Pentesec SOC is built around advanced SIEM, XDR and Vulnerability Management solutions that deliver powerful, industry-leading threat prevention.
Alongside these services, we also offer optional add-on solutions that can elevate your security even further.
Cyber Security and Phishing Awareness
Leveraging Microsoft Defender Attack Simulation and Phishing Awareness Training, the Pentesec SOC can run regular attack scenarios against your organisation and end users.
These simulated attacks can help you identify vulnerable users before a real attack impacts your bottom line.
- Target users with customised simulations and campaigns
- Identify vulnerable users and automatically offer targeted top-up training
- Receive reporting on campaign compromise and training efficacy
- Identify repeat offenders for follow up activity
Each campaign will be structured to meet your needs. You pick which users are to be targeted and which of our attack payloads to deploy.
Our broad range of attacks includes:
- Credential Harvest: The recipient receives a message that contains a URL. When they click it, they are taken to a website showing a dialog box that asks the user for their username and password. Typically, the destination page is themed to represent a well-known website in order to build trust in the user.
- Malware Attachment: The recipient receives a message containing an attachment. When they open the attachment, arbitrary code (e.g. a macro) is run on the user’s device to help the attacker install additional code or further entrench themselves.
- Link in Attachment: A hybrid of a credential harvest. The recipient receives a message containing a URL inside of an attachment. When they open the attachment and click on the URL, they are taken to a website that asks the user for their username and password. Typically, the destination page is themed to represent a well-known website in order to build trust in the user.
- Link to Malware: The recipient receives a message containing a link to an attachment on a well-known file sharing site (for example, SharePoint Online or Dropbox). When they click on the URL, the attachment opens and code is run on the user’s device to help the attacker install additional code or further entrench themselves.
- Drive-by-URL: The recipient receives a message containing a URL. When they click on the URL, they’re taken to a website that tries to run background code. This code attempts to gather information about the recipient or deploy arbitrary code on their device. Typically, the destination website is a well-known website that has been compromised or a clone of a well-known website. Familiarity with the website helps convince the user that the link is safe to click. This technique is also known as a watering hole attack.
- OAuth Consent Grant: An attacker creates a malicious Azure Application that seeks to gain access to data. The application sends an email request that contains a URL. When the recipient clicks on the URL, the consent grant mechanism of the application asks for access to the data (e.g. the user’s Inbox).
Ahead of each simulated campaign, Pentesec consultants schedule a planning meeting to establish:
- Which areas of the organisation are to be targeted
- The type of attack simulation to be employed
- Date and time the campaign should be launched
- Review any required localisations and training content
We then configure and run the simulation as defined. During the campaign, compromised users will be presented with Microsoft security training content to help them better identify these threats in future. Customised bespoke training content can also be provided subject to agreement and additional cost.
Following each campaign, Pentesec will produce a report detailing the results of the attack simulation and efficacy of the training provided.
This will include:
- Total number of users targeted
- Overview of the selected attack and payload
- Volume of users compromised by the simulation
- Volume of compromised users who completed the training content
- Performance against previous simulations
- Key repeat offenders
Microsoft Security Advisory and Governance Services
The Security Advisory and Governance Service is a consultant overlay that extends our day-to-day XDR services to provide an ongoing security posture review and assessment service.
Pentesec’s dedicated Microsoft Security experts assess your Microsoft security posture and threat landscape using historic data to provide insight into key events and anomalous behaviours, with commentary covering best practice and recommendations to improve your security posture.
The service is available on a monthly, bi-monthly or quarterly basis to suit your needs.
When delivered in conjunction with our wider managed security services, Pentesec can collate and assess security event, configuration and reporting data to build a deeper understanding of the behaviours and threats targeting your environment. We then leverage our expertise to build an ongoing security strategy.
Periodic reviews will enable further improvements to the security of data, devices and identity within M365 and Azure – enabling effective management of shadow IT, the implementation of advanced identity / device management controls and the management of sensitive data access across a range of platforms.
As part of the review, Pentesec’s experts will document and present findings for discussion, covering areas such as:
- Key events and activities that require investigation or other follow up activity.
- Trends and areas of risk within your existing configuration.
- Strategic advice and next steps
- Unused Microsoft security tools and capabilities that could be deployed and how they might mitigate identified risks
- Opportunities to maximise adoption of licensed features and capabilities
- The latest enhancements and additions to the Microsoft security stack
Our services are constantly evolving to incorporate new technologies and defend against new threats. If you would like to find out more about our Security Operations Centre and explore how our services can benefit your organisation, contact us here or on enquiries@pentesec.com and one of our security experts will be happy to guide you through everything you need.
To find out more about the Pentesec SOC, visit our SOC Hub.