Cyber Security Monitoring Operations
High-quality infosecurity preparedness strikes a balance between testing your team on common, expectable scenarios and throwing curve balls to see how you’ll do in extreme circumstances. Caliber’s Operations services meet your infosec team’s operations needs, whether you’re seeking a baseline to understand where you are or looking for practical, up-to-date training to know you’re ready for what’s ahead.
Red & Blue Teams, Security Tabletop and Security Capture the Flag (CTF) Assessments
Our infosec preparedness offerings range from red (attack) and blue (defense) exercises to interactive training events such as tabletop (sand table) exercises and complex capture-the-flag competitions. Our offerings can be tailored to your organization’s current and target readiness levels and to your specific compliance needs.
Red-team offerings include:
- Investigating your exposure to known and discovered vulnerabilities
- Stress-testing operation plans and environments
- Stress-testing organizational procedures and controls
- Engaging defenders in real time
- Initiating mock / controlled targeted intrusions
All red-team parameters are discussed and confirmed with company representatives before the event, and significant findings are communicated with formal written documentation post-event.
Blue-team offerings include:
- Augmentation of staff handling all phases of incident response
- Assistance in identification, containment, eradication, and recovery processes
- Identification of system-hardening needs and opportunities
- Advice on appropriate technical controls (e.g., perimeter defense, packet filtering, firewalls, intrusion systems)
All blue-team parameters are discussed and confirmed with company representatives before the event, and significant findings are communicated with formal written documentation post-event.
Our tabletop offerings are engaging, high-energy simulations designed to test the ability of your response team to follow your current incident response plan and to explore the plan’s ability to withstand actual deployment. We can provide scenarios strictly geared to your technical team, or we can “go 360” with exercises that bring your technical folk in contact with other company subject-matter experts on whom you’ll depend in case of an event. We build our tabletop scenarios in consultation with your company’s leadership, adding Caliber’s understanding of current significant threats as well as OSINT-based research into scenarios plausibly affecting your company. Both our pre-event research and our findings during the tabletop event will be presented to you in a discreet, actionable format after the event.
If your organization is seeking a capture-the-flag (CTF) event, let’s discuss! Our consultants have both designed and participated in a vast number of CTFs over the years and can help you program an event that challenges, inspires, amuses, and engages your team. Both remote and in-person events can be delivered.
Cybersecurity Monitoring and Response Services
As every incident response team knows, it’s hard to defend what isn’t defined. Caliber’s monitoring services shine light onto potential blind spots on your network, evaluating your current architecture, processes, and procedures. We measure your current monitoring performance against industry standards and best practices, and provide recommendations for dialing up (or, occasionally, throttling back) protections.
Our monitoring-analysis team looks at a broad variety of functions and metrics in the process of evaluating your monitoring capabilities. Though every enterprise is different, common concerns include:
- Alert levels and response processes
- Data collection, filtering, aggregation, and analysis
- Potential / existing points of failure
- Processing speed, latency, and bottlenecks
- Reporting and decision-making capabilities
- Scalability (or choke points potentially affecting it)
Our goal is to be sure your incident responders not only understand what they’re currently working with, but know what they can and cannot know about your systems at any given moment.
Social Engineering and Phishing Assessment Services
Saying that the humans are the weakest link of any infosecurity plan is both true and unhelpful — unless you’re able to learn from your humans’ weaknesses. At Caliber, we’re deeply interested not only in providing insight into how your employees respond to potential security issues, but in making sure they learn, grow, and buy into helping to keep your enterprise secure.
Caliber offers both email-response assessment (phishing tests) and a number of social-engineering options, all of which evaluate your employees’ understanding of and compliance with your organization’s policies and procedures. Our social engineering offerings can be customized to assess specific departments or job functions at your organization, and we work closely with you beforehand to ensure that tests are done ethically and in such a way as to derive accurate, actionable results.
If you’re seeking this type of “human-facing” testing, it’s important to understand that Caliber is not in the “gotcha” business — our results and recommendations are designed to educate your employees in how to uphold your processes and to show you when processes or expectations may be out of alignment. Our clients have found that this positive approach is far more effective in building not only good infosec hygiene habits, but trust between infosec and the rest of the company.
Physical Infrastructure Penetration Testing
Testing your digital infrastructure is crucial, of course, but what about meatspace? Physical controls need evaluation as well. Our physical infrastructure pentesting identifies potential security issues with building layouts, locks, sensors, cameras, doors, and perimeters.
Our consultants will confer with you to determine appropriate parameters for testing, including time of day, location, and strategic targets. After our initial meeting, our prep work includes research of precisely the sort an adversary would conduct to target your physical infrastructure; based on that, we execute our tests discreetly and effectively, keeping detailed notes on what we find and where your systems need work. Depending on the desired testing parameters, our work may include:
- Mapping physical access points and perimeter weaknesses
- Testing access to server spaces and data centers (including biometrics, badges, etc.)
- Testing electromagnetic data-transfer defense
- Assessing mechanical and electromagnetic locks
- Telephotography / inventory of undesired access to sensitive data
- Identifying human-element concerns (e.g., tailgating)
- Evaluating public / uncontrolled access points in public or semi-public areas
At the end of the test cycle, we’ll report back to you on what we discovered, working with you to contextualize our findings and to derive actionable recommendations from the process. We appreciate that findings from this sort of testing can be highly sensitive, and we work with the client to make sure that discretion is kept at the forefront of the process.