The Challenges
Recognizing the vulnerability posed by threats from adversaries, the client was determined to ensure that intellectual properties and critical assets at each of their four California sites were securely protected. The materials under development at these locations were indispensable to the client's current and future success in their industry. Any compromise to these materials could have far-reaching consequences, potentially affecting their operational capabilities, financial stability, and the integrity of their reputation.
Challenges Before Rozin Security:
Insufficient Research to Assess Threats — Restricted data available to evaluate threats in the competitor landscape, lacking the ability to conduct due diligence to identify publicly available information that could be leveraged by a threat actor
Effective Assessment Policies — Pressure from compliance to conduct a thorough security assessment of this asset — only a standard security assessment had been performed in the past using internal set compliance standards
Change Management — Internal frustration within departments, as a previous assessment that was unsuccessfully conducted created a lot of tension
Our Solution
To assess the full scope of vulnerabilities the client faced, Rozin Security simulated attempts by malicious actors to breach the sites to determine their ability to deter, detect, respond, and preemptively intercept potential threats.
A team of specialists were assigned to holistically test the client’s security operations, simulating the attack cycle of a sophisticated threat actor. This included:
Pre-attack planning over the span of five days (Planning uncovered the site layouts and blueprints of each location, current projects, security posts and patrol patterns, persons assigned to the site and associated attire, potential unsecured points of entry and door hardware, access control technology, and video surveillance camera capabilities.)
Conducting open-source research to identify publicly available information that could be leveraged by a threat actor.
Performing surveillance (by Rozin’s field operators) on each site’s physical, technological, and operational security measures, and developing a plan to overcome them.
The Red Team operators then developed a bespoke plan to breach each site. The pre-attack research and planning allowed operators to test the security apparatus at each site, bypassing many of the physical, technological, and operational security measures. The Team replicated the below potential methods of action to test the sites’ security measures:
Security guard and vendor impersonation to gain site access
Diversions to redirect security personnel from breach points
Theft of physical access control keycards/employee IDs and two-way radios from site security personnel
Advanced phishing techniques to illicit information and assistance from site staff
Bypass physical door hardware using commercially available tools
Challenging security policies, including tailgating and the issuance of temporary badges
All in all, significant vulnerabilities were identified in existing operational, physical, and technological security measures. Rozin Security achieved all assigned objectives described above — most notably, simulating the exfiltration of sensitive information/devices, demonstrating the capability of planting malicious software onto vulnerable workstations, and accessing key secured rooms. The team was able to gain access to the client’s secure buildings and navigate within them, remove prototype devices and sensitive information, and simulate the placement of covert technical surveillance devices.
The Results
Security is a team sport, and placing the entire burden solely on one team creates vulnerabilities that can be easily exploited. However, delivering that message to other areas of an organization and ensuring they understand the consequences of keeping security measures status quo is extremely difficult without the right data and concrete examples.
At the conclusion of the Red Team Service, the client was left with:
A hyper-realistic understanding of their vulnerabilities — empowering them to share specific instances of what could be capitalized on and the potential for misuse
NEW: Now the client had examples and data (I.e., it took 7 minutes to breach access point 12 on site 2) to support budget requests.
Policy changes that could be easily implemented
NEW: An internal security standard was set for organizational assets that require a high level of protection. Instead of simply assessing security by internally set compliance standards, their assessment matched the capabilities of a more sophisticated threat actor.
An invaluable sense of trust among internal teams
NEW: The Red Team Services engaged areas beyond just security so multiple departments were aligned with redesigning their physical security measures and enhancing the level of technological solutions used. The client commissioned additional Red Teaming Services for a multitude of additional highly critical organizational assets moving forward.
Today’s threats are growing increasingly more and more complex and cannot afford to be met with yesterday’s standards of protection. Leveraging Rozin Security’s adversary-minded approach to identifying vulnerabilities, the client was able to assemble a comprehensive strategy for heightened protection – putting concrete, realistic examples of threats gone awry in the hands of senior leaders.
This information helped secure an immediate and significant investment in security measures for this business-critical asset, setting a precedent for future Red Team engagements.