Elevating Offensive Red Teaming with SIP by Brian Contos

Verodin and Erasco Group threw a party for some current and future customers last night in Houston. Companies from oil and gas, finance, healthcare, and legal attended. Best of all, some Verodin Security Instrumentation Platform (SIP) customers presented on how they are using Verodin SIP. It’s always great to hear the stories from the trenches.

One of the oil companies had the leader of its offensive (red) team talk about life before and after Verodin SIP. He presented some compelling use cases, demoed several live attacks, and discussed how the team is going beyond its traditional red team role.

The red team leader showed how they elevated the role of red teaming by:

  • Using Verodin SIP to augment their current tools and processes: their existing security assessment tools focus on system vulnerabilities, missing patches, and the like, while Verodin SIP validates the efficacy of the security controls themselves (firewalls, IPS, endpoint security, DLP, SIEM, and so on)
  • Running automated evaluations in Verodin SIP every hour to validate what is working and what is not, instead of relying on infrequent, point-in-time assessments
  • Measuring the impact of new attacks by feeding Internet-sourced malicious PCAPs and threat intelligence into Verodin SIP and testing their security controls against those PCAPs within minutes

These are all great points, but what I really love is how they are using Verodin SIP to take red teaming into new areas of their organization, including business decision makers, by:

  • Bridging the gap between offensive red teaming and defensive blue teaming: not only illustrating the issues in firewalls, SIEMs, endpoint security and the like, but showing exactly how those defensive controls respond to each attack, whether they prevent it, detect it, correlate it, and alert on it
  • Going beyond classic penetration testing reports to output that is actionable for the SOC: with Verodin SIP they prescriptively provide a roadmap of the exact rules, signatures, and correlations needed to prevent, detect, correlate, and alert
  • Moving their analysis from purely technical findings to trending and gap analysis backed by quantitative, empirical data, so that their results can be measured like those of other strategic business units, in terms of business risk and not just technical risk
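
The scoring the red team describes, where each attack action is judged by whether the stack prevented it, detected it, correlated it into an alert, or missed it entirely, then turned into a prescriptive next step and trended against the previous run, is straightforward to sketch in code. The following is an added illustration written for this page, not Verodin SIP code or the customer's own tooling; the control names, the four attack actions, the outcome ranking and the two runs of telemetry are all constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List


class Outcome(IntEnum):
    MISSED = 0     # no control produced any evidence of the action
    DETECTED = 1   # a control logged it, but the SIEM never alerted
    ALERTED = 2    # the SIEM correlated the evidence into an alert
    PREVENTED = 3  # an inline control blocked the action outright


@dataclass
class ControlResult:
    control: str       # hypothetical control names: "ips", "edr", "dlp", "siem"
    blocked: bool = False
    logged: bool = False
    alerted: bool = False
    detail: str = ""   # signature or rule that fired, if any


@dataclass
class ActionRun:
    action: str
    results: List[ControlResult]

    def outcome(self) -> Outcome:
        # Prevention outranks an alert, and an alert outranks a bare log line.
        if any(r.blocked for r in self.results):
            return Outcome.PREVENTED
        if any(r.alerted for r in self.results):
            return Outcome.ALERTED
        if any(r.logged for r in self.results):
            return Outcome.DETECTED
        return Outcome.MISSED

    def recommendation(self) -> str:
        """Next concrete step for the SOC, based on where the chain broke."""
        evidence = ", ".join(f"{r.control}:{r.detail or 'unnamed'}" for r in self.results if r.logged or r.alerted)
        advice = {
            Outcome.PREVENTED: "",
            Outcome.MISSED: "nothing logged it; add a signature on an inline control "
                            "and confirm its events reach the SIEM",
            Outcome.DETECTED: f"{evidence} logged it but nothing alerted; add a SIEM "
                              "correlation rule keyed on those events",
            Outcome.ALERTED: f"alerted via {evidence} but nothing blocked; consider "
                             "moving the matching signature to block mode",
        }[self.outcome()]
        return f"{self.action}: {advice}" if advice else ""


def score_run(runs: List[ActionRun]) -> Dict[str, Outcome]:
    return {r.action: r.outcome() for r in runs}


def coverage(scores: Dict[str, Outcome]) -> float:
    """Fraction of actions the stack either blocked or alerted on."""
    return sum(o >= Outcome.ALERTED for o in scores.values()) / len(scores) if scores else 0.0


def trend(previous: Dict[str, Outcome], current: Dict[str, Outcome]) -> Dict[str, List[str]]:
    """Gap analysis across two runs: which actions improved, regressed, stayed put, or are new."""
    report: Dict[str, List[str]] = {"improved": [], "regressed": [], "unchanged": [], "new": []}
    for action, now in current.items():
        if action not in previous:
            report["new"].append(action)
        elif now > previous[action]:
            report["improved"].append(action)
        elif now < previous[action]:
            report["regressed"].append(action)
        else:
            report["unchanged"].append(action)
    return report


# Constructed sample data, not real telemetry: the same four actions executed a
# week apart, with the evidence each control produced.
LAST_WEEK = [
    ActionRun("http-exfil-to-unknown-host",
              [ControlResult("dlp", logged=True, detail="dlp-ssn-pattern"), ControlResult("siem")]),
    ActionRun("mimikatz-lsass-read",
              [ControlResult("edr", blocked=True, logged=True, detail="credential-theft"),
               ControlResult("siem", alerted=True, detail="edr-block-alert")]),
    ActionRun("malicious-pcap-smb-exploit", [ControlResult("ips"), ControlResult("siem")]),
    ActionRun("dns-tunnel-txt",
              [ControlResult("ips", logged=True, detail="dns-long-txt"),
               ControlResult("siem", alerted=True, detail="dns-tunnel-corr")]),
]
TODAY = [
    ActionRun("http-exfil-to-unknown-host",
              [ControlResult("dlp", blocked=True, logged=True, detail="dlp-ssn-pattern"),
               ControlResult("siem", alerted=True, detail="dlp-block-alert")]),
    ActionRun("mimikatz-lsass-read",
              [ControlResult("edr", blocked=True, logged=True, detail="credential-theft"),
               ControlResult("siem", alerted=True, detail="edr-block-alert")]),
    ActionRun("malicious-pcap-smb-exploit",
              [ControlResult("ips", logged=True, detail="smb-exploit-sig"), ControlResult("siem")]),
    ActionRun("dns-tunnel-txt", [ControlResult("ips"), ControlResult("siem")]),  # signature now disabled
]
```

Running the two constructed runs through `trend(score_run(LAST_WEEK), score_run(TODAY))` flags the HTTP exfiltration and SMB actions as improved and the DNS tunnel as regressed, while `coverage` stays at 0.5 for both weeks. That is the point of scoring per action and trending it hourly rather than reporting a single periodic number: the regression hides behind an unchanged aggregate, and the per-action recommendation (here, a missing SIEM correlation rule for the SMB signature and a silently disabled DNS signature) is what the SOC can act on.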

Nothing is better to me than seeing customers getting real technical security value and business value from Verodin. A big thanks to the speakers and to Erasco Group for helping us put the party together.

*** This is a Security Bloggers Network syndicated blog from Verodin Blog authored by Verodin Blog. Read the original post at: