NAVISEC DELTA

Delta is the offensive arm of NaviSec. The name pays homage to the mathematical term for a rate of change. Cyber threats are evolving at an accelerating rate, placing exponentially greater demands on cyber security to match this pace. In assessing your cyber security posture, traditional defensive measures may be inadequate relative to the value of your data and potential damage caused by a breach.

Through Delta, you can take advantage of our competitive adversary simulation services to get a complete picture of your environment from an attacker’s perspective. This is particularly important for companies using custom applications or supporting complex intellectual property concerns, which may be difficult to assess using one-size-fits-all assessment tools.

All NaviSec Delta partners are guided through a baseline assessment as part of the onboarding process. This assessment bundles services and expertise designed to give the NaviSec team a clear picture of your organization’s structure, processes, and overall security posture.

The results of your baseline assessment will provide a clear map of the journey ahead, ranging from changes with immediate impact to protecting your assets with a long-term perspective in mind.  

Our Process

NaviSec recommends quarterly vulnerability assessments and annual penetration tests. A vulnerability assessment utilizes a scanning appliance to test assets for known vulnerabilities in your local environment and on public-facing, internet-connected devices.

This process has two key deliverables. First, a technical report is generated for your IT professionals that identifies which devices and what vulnerabilities were detected in your environment. Next, NaviSec engineers analyze this technical report and provide executive level context to explain each vulnerability, perceived risk, and range of potential solutions.

These hand-written executive reports leverage decades of experience from NaviSec engineers to provide an organizational state of security for a non-IT audience without sacrificing depth or detail on key takeaways. Upon delivery of the technical and executive reports, NaviSec schedules a review call where your team has the opportunity to ask questions and thoroughly discuss potential solutions to any issues identified in the report.

The goal of the quarterly vulnerability assessments is not only to test for new vulnerabilities that may affect your environment since the last scan, but also to validate that previous vulnerabilities have been remediated. This type of assessment will immediately strengthen your security posture.

A penetration test is the next step in a company's security program. Once vulnerabilities have been identified and remediated, a penetration test will put your security controls to the test with a human that will try to gain access to your environment. As part of the verification process, the team will actively try to exploit these flaws using the same approach as a real-world attacker. NaviSec follows the PTES attack framework: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines

If your company has defensive security engineers, a SOC in place or a Blue Team, NaviSec may recommend a Red Team engagement. After a baseline assessment, NaviSec engineers will assess whether your company is ready for a red team and may recommend widening the testing scope. This may include phishing, physical access, and using advanced techniques as documented in the MITRE ATT&CK framework: https://attack.mitre.org/. A red team engagement will mimic the actions of a highly advanced, motivated attacker, yielding a wider view of your organization’s security posture.

In summary, penetration tests are designed to assess infrastructure, while red team engagements are designed to test (and therefore train) personnel.


Example Reports

Below are some pages from our example reports.

Please have a look at our demo reports for penetration test executive reports and vulnerability assessment executive reports. As with everything we do at NaviSec, we're constantly trying to improve how we work and communicate with our clients. As such, you may find that the reports differ slightly from what is shown here.

Our Holistic Approach

Partnering with NaviSec Delta provides access to exclusive services, experienced engineers, and the advantage of a holistic approach to cyber security. Adversary simulation services, such as pen testing and red teaming, and vulnerability assessments provide a thorough picture of both infrastructure and personnel which is distilled into technical and executive reports. We provide immediate, actionable information, while maintaining a long-term perspective tailored to your needs and goals.

Additionally, every 12 months NaviSec delivers an annual executive review report containing an overview of your security posture in the past year. This report clearly summarizes overall security posture, vulnerabilities that have been patched, and outstanding issues in a clear, impactful format designed with an executive’s busy schedule in mind. Our no-pressure sales team is happy to provide sample reports.

Security is a journey, not a destination. Let NaviSec Delta be your guide.

Definitions


Security Assessments

Always ensure that your cyber security vendor understands the differences between types of assessments and is not using terms interchangeably. There is a difference.

Network Segmentation Test (Reducing PCI Scope)

Network Segmentation Tests determine if a network that is believed to be not part of the Cardholder Data Environment is truly segmented. This allows networks such as the Corporate LAN to be out of scope for PCI requirements, thereby reducing PCI Auditing costs.

Vulnerability Assessment

Regularly scheduled assessments of open vulnerabilities detected in your environment. This assessment touches workstations, servers, switches, routers, printers, phones and anything with an IP address. NaviSec performs an automated scan with security engineers reviewing the results and packaging the overall evaluation as an Executive Report. This report includes custom recommendations and trends to assist with overall remediation and prevent future vulnerabilities.

Penetration Test (Pentest)

A penetration test is a true validation of your company's current security controls. Pen testing is required by PCI and other auditing standards. Where a Vulnerability Assessment leverages a scanning tool to produce much of the assessed data, a penetration test relies on offensive security engineers who try to gain access to a client's environment using methods approved in an initial project scope. NaviSec follows the Penetration Testing Execution Standard (http://www.pentest-standard.org/index.php/Main_Page).

Red Team Assessment

A Red Team takes a step beyond penetration testing. Where a penetration test assesses defenses (security controls), a Red Team Assessment tests your defensive personnel (blue team). This is an advanced, as-open-a-scope-as-possible assessment that will truly model real-world TTPs of malicious hackers, Advanced Persistent Threat (APT) groups, or very targeted attackers.

Vulnerability Management

Ongoing, quarterly vulnerability assessments and penetration testing at a flat monthly rate. The same vulnerability assessments and penetration testing above at a fixed monthly spend. Vulnerability Management is the most popular product among NaviSec clients.

Services


Penetration Testing

Vulnerability Assessment


Red Team


Security Auditing


Web application assessments


Adversary Simulation

Plan your security journey with NaviSec