ASSESSMENTS

UPON REQUEST AND AS RESOURCES ARE AVAILABLE, SCRIPT-WOLF CAN PROVIDE RISK AND VULNERABILITY ASSESSMENTS THAT IDENTIFY VULNERABILITIES THAT ADVERSARIES, AND OTHER THREAT RISKS COULD POTENTIALLY EXPLOIT TO COMPROMISE SECURITY/DATA CONTROLS.

AT THE CONCLUSION OF OUR ASSESSMENT, WE PROVIDE OUR CLIENT WITH THE CONFIDENTIAL ASSESSMENT DATA ALONG WITH TAILORED RISK ANALYSIS AND WAYS THEY CAN IMPROVE THEIR CYBERSECURITY POSTURE.

DURING AN RVA, (RISK/VULNERABILITY ASSESSMENT) WE COLLECT DATA THROUGH ONSITE ASSESSMENTS AND COMBINE IT WITH NATIONAL THREAT AND VULNERABILITY INFORMATION TO PROVIDE AN ORGANIZATION WITH ACTIONABLE REMEDIATION RECOMMENDATIONS PRIORITIZED BY RISK.

CISA DESIGNED RVAS TO IDENTIFY VULNERABILITIES THAT ADVERSARIES COULD EXPLOIT TO COMPROMISE NETWORK SECURITY CONTROLS.

AN RVA MAY INCORPORATE THE FOLLOWING METHODOLOGIES:

•  SCENARIO-BASED NETWORK PENETRATION TESTING
•  WEB APPLICATION TESTING
•  SOCIAL ENGINEERING TESTING
•  WIRELESS TESTING
•  CONFIGURATION REVIEWS OF SERVERS AND DATABASES
•  DETECTION AND RESPONSE CAPABILITY EVALUATION

AFTER COMPLETING THE RVA, WE PROVIDE THE ORGANIZATION A FINAL REPORT THAT INCLUDES BUSINESS EXECUTIVE RECOMMENDATIONS, SPECIFIC FINDINGS, POTENTIAL MITIGATIONS, AND TECHNICAL ATTACK PATH DETAILS.

THE ANALYSIS MAPS THE ATTACK PATH TO THE MITRE ATT&CK®, WHICH IS A FRAMEWORK MEANT TO HELP BUILD A GLOBAL COMMUNITY-DRIVEN KNOWLEDGE BASE, COMPRISED OF THE KNOWN TACTICS, TECHNIQUES, AND PROCEDURES (TTPS) OF THREAT ACTORS. CISA PUBLISHED A BEST PRACTICES FOR MITRE ATT&CK MAPPING GUIDE THAT PROVIDES NETWORK DEFENDERS WITH CLEAR GUIDANCE, EXAMPLES, AND STEP-BY-STEP INSTRUCTIONS TO MAKE BETTER USE OF MITRE ATT&CK AS THEY ANALYZE AND REPORT ON CYBERSECURITY THREATS.

THE ANALYSIS ALSO COMES WITH AN INFOGRAPHIC THAT BREAKS OUT THE MOST SUCCESSFUL TECHNIQUES FOR EACH TACTIC DOCUMENTED FOR THE FISCAL YEAR AND INCLUDES THE SUCCESS RATE PERCENTAGE FOR EACH TACTIC AND TECHNIQUE.