The Mandiant team relies on a systematic, repeatable and reproducible methodology. We begin by establishing the following core information and rules of engagement, agreed upon in collaboration with the organization’s leadership team:
- Does the team begin its effort with information about your environment (white box) or with no information at all (black box)?
- What intelligence does Mandiant already have about high-risk assets and vulnerabilities in your industry?
- What objectives do you want the Mandiant Team to accomplish in simulating a real-world attack?
After identifying objectives, the team attempts to breach your environment, maintain persistence, escalate privileges, obtain access to key systems, generate fake data that emulates sensitive production data and simulate data theft. These assessments focus on non-disruptive, non-damaging tactics to achieve their objectives—as real attackers try their best not to disrupt their target’s operations because people ask questions when services go down.
Security Operations builds on Mandiant Operations, using a step-by-step scenario-based exercise to test detection, prevention and response capabilities at each phase of the attack lifecycle.