"The penetration testing space today has become a race to the bottom where the industry players compete with each other on price and not quality or depth," said Syndis CEO Rich Smith. "The sophistication level of the practitioners in the space varies widely and most offerings are more about compliance than security. These brittle assessments offer very limited, compartmentalized value and they are woefully inadequate when it comes to conveying the impact an organization would suffer were they to be targeted by a real-world sophisticated attack team."
LiveFire more closely mimics both the techniques and capabilities employed by sophisticated threat actors. The tailoring of attack chains by Syndis to include the use of 0-day and N-day exploits contextualizes them to illustrate true impact to an organization and allows LiveFire to vigorously test the resilience and security posture of that organization. The application of the ever growing catalog of 0-day and N-day exploits found and produced by Exodus gives LiveFire a continual supply of fresh, high-impact exploits unlike any other offensive service available.
"There are a lot of excellent pen-testers out there," said Exodus CTO Aaron Portnoy, "but the number of pen-test companies that can also do advanced vulnerability research and code a weaponized exploit in the volumes we do is zero. LiveFire allows us to provide the operators at Syndis with the resources they need in a timely manner and in a fashion that does not add time overheads or excessive cost to engagements."
LiveFire allows both firms to tightly focus on what they do best, while providing customers with outstanding value not simply in a given engagement, but to the security of their IT enterprise overall. The results of a LiveFire assessment give C-level security leaders:
-- The ability to better understand the impact that would arise from their organization being targeted by someone with access to 0-day/N-day exploits;
-- The ability to independently and realistically validate the effectiveness of existing defenses that claim to detect or inhibit the use of 0-day exploits;
-- The ability to test security architectures and courses of action created from the "assumption of breach" mindset;
-- The most realistic dataset possible that includes real-world non-public exploits, allowing them to develop and customize detection and monitoring capabilities for attacker behavior rather than "signatures";
-- Support realistic kill-chain analysis and relative remediation priorities for a client trying to defend against a sophisticated adversary;
-- The ability to be able to qualitatively assess the effort an adversary would have to go to in order to be able to circumvent the current defenses.
For additional information about LiveFire please contact [email protected]
Exodus Intelligence is comprised of a team of world-class security researchers dedicated to providing their customers with the latest exclusive information on emerging zero-day threats. With over 30 years of combined experience in the industry, along with their 150+ independent researchers, Exodus is able to determine, and report on critical threats facing technology today. For more information about Exodus please visit https://www.ExodusIntel.com or follow @ExodusIntel on Twitter.
Headquartered in Reykjavík Iceland, with offices in New York and Copenhagen, Syndis is a research-focused center of expertise for cybersecurity in Iceland as well as the wider Nordic region. Specializing in the provision of offensive security based insights and solutions for the public and private sectors; Syndis' investment in both internal R&D and academic partnerships ensures constant and bleeding edge innovation. For more information about Syndis please visit http://synd.is or follow @TheSyndis on Twitter.