Social Engineering Testing
Evaluate risk, identify breakdowns in protections, and implement remediation strategies
Many organizations go to great lengths to protect their sensitive data with firewalls and access security systems, yet fail to realize that the weakest link in their data defenses is their own people. Social engineering is the most common – and highly successful – tactic used by adversaries to gain unauthorized access to a network. Social engineering is a non-technical attack that tricks unsuspecting employees into breaking normal security procedures and giving network access to attackers.
We tailor assessments based on the audience, and test that audience using the threats that we can expect them to encounter (malicious invoice/resume, email from a friend/co-worker, etc.). Testing activities remain in a controlled environment, and assessment results provide actionable remediation.
For all social engineering services, we provide a detailed description of the assessment, results, and our recommendations. We also offer an in-depth debriefing to discuss findings and remediation with your stakeholders.
Our social engineering methodology follows these standard phases:
Find out who works for the company, what their jobs are, and the types of email that they receive
Identify what companies send the email, and what the email looks like
Determine when and why they might receive a particular message
Present available scenarios
Select scenario for campaign
Purchase domains, create accounts, and author emails
Set up infrastructure, run tests, and get customer approval
Launch attack, and monitor responses
Update customer, and provide debriefing
During the test, we communicate with you daily to let you know who opened the email as well as who clicked on the link or opened the attachment, giving you an opportunity to ask questions or get more information.
Executive and Technical Reports
At the conclusion of the test, Hellfire provides you with two reports: one for executive management so that they can see who is putting the company at risk and one for the IT department, demonstrating the attacks and a record of who fell for what and when.
Types of Tests
Hellfire Security identifies who will pick up that USB stick or DVD and connect it to their system.
Hellfire Security finds who in your firm will open that email, click on that link, complete that form, or download that attachment.
Hellfire Security finds who in your firm will provide personal or business information over the phone.
Why choose Hellfire as your social engineering test partner
Insurance companies, financial institutions, and telecommunications companies are some of the most security-conscious companies in the world. They could work with anybody, but they choose to work with the best. They choose to work with Hellfire Security.
Our team members undergo extensive training, speak at DEF CON and Black Hat regularly, and have earned industry certifications, including GXPN, GPEN, GCIA, OSCP, and CISSP.
We present several possible scenarios based on the pre-existing threats as well as any that might be emerging in their industry.
We work with the customer, taking into account any particular concerns that they might have regarding those threats, to select the appropriate scenario.
Our assessments provide valuable insights into your people and how they respond to suspicious activity. With this insight, you can mitigate the risk your users pose. All of this is provided in an easy-to-understand report that allows you to take immediate action.
Got any questions? Feel free to contact our team 24/7.
Top Ten Network Security Tips
Wondering what the "best practices" are for securing your network?
There is a very informative document called "The 60 Minute Network
Security Guide" on the National Security Agency Web site (www.nsa.gov).
Here's a brief summary