· Staff · 2 min read
Goal Based Penetration Testing
Goal-based penetration testing from Strategic Defense is a blend of offensive security testing that serves to highlight an organization’s real-world risk. It specifically emulates modern threat actors that use Tactics, Techniques, and Procedures (TTPs) that vulnerability scanners and automation simply can’t find or re-create.
How does it do that?
For every test we scope, we define a threat model. We gameplan about the different types of attackers you might face, review your overall network architecture, and then scope up a test that aligns with that threat model. The point is to define goals that can guide engagement and achieve the test flow you’re after.
This up-front work means we set out to achieve the same goals during testing that a real-world threat actor might. You get a live-fire view into what it would look like for a motivated, skilled attacker to test your perimeter, your cloud environment, your applications, your wireless networks, etc.
Mix that with the best security talent on the planet, add in some methodology we’ve drafted after decades of delivering thousands of penetration tests, and you get top-of-the-heap adversarial testing that helps you answer the big questions:
Could a threat actor breach my environment, and would my team be able to detect them once they are in?
Thats the whole point in this type of testing; emulate what the real bad guys are doing, so you get the best preparation to beat them. Find the critical flaws in your environment before they do. Exercise your blue team so they are in-shape for potential events in the future. Test your security stack to spot the gaps beforehand.
It’s penetration testing done right.