Security Control Audit (SCA) Service

Continuous Security Validation Managed Service for Cyber-Threat Simulation & Mitigation

Automation and orchestration solutions are not limited to the realm of Cyber Defense. In fact, your adversaries—hackers—are constantly targeting you using automated tools such as vulnerability scanners, port scanners, and more.

Their primary goal is simple: to test at scale for exploitable flaws and vulnerabilities in services exposed to the Internet. Here are a few recent Common Vulnerabilities and Exposures (CVEs) that made headlines:

  • CVE-2020-5902 | Multiple vulnerabilities in F5 BIG-IP TMUI

  • CVE-2019-19781 | Vulnerability in Citrix Application Delivery Controller and Gateway

  • CVE-2018-13379 | Multiple vulnerabilities in Fortinet FortiOS

  • CVE-2020-0609 | Multiple vulnerabilities in Windows RDP Gateway Server

First of all, were you aware that your security control devices (Fortinet, Citrix, F5, etc.) may have one or more publicly disclosed vulnerabilities—potentially compromising the very protections you’ve invested time and money in configuring?

Moreover, as advanced threats increasingly combine sophisticated techniques and constantly evolve to bypass defenses, how can you be sure your organization is resilient against the latest advanced attack scenarios (cf. MITRE ATT&CK Framework)?

To keep up with the growing number and speed of evolving threats, a new approach is required—one that continuously validates the effectiveness of your existing security controls.

e-Xpert Solutions SA introduces its new managed security service, Security Control Audit (SCA)—powered by the expertise of AT-Defense SOC analysts and the PICUS Security Continuous Adversary Simulation Platform.

How does the service work?

Unlike traditional vulnerability scanners, the platform simulates real-world cyberattacks by emulating both victim and attacker systems within your production network. This enables continuous assessment of your security controls’ configuration effectiveness—without disrupting business-critical applications.

The base service includes three victim probes:

Network

To attack the red-colored network probe deployed in the DMZ, the simulated attack must first pass through network defenses such as a Web Application Firewall (WAF), an Intrusion Prevention System (IPS), or a proxy. The goal here is to verify whether the WAF effectively blocks attacks targeting services exposed to the Internet and hosted in the DMZ.

Email

The email probe uses a generic mailbox, typically protected by a Mail Transfer Agent (MTA) or email security gateway. This probe receives emails containing malicious attachments and phishing links. The objective is to test whether the MTA-based security control properly blocks these types of threats.

Endpoint

The endpoint probe is deployed as a lightweight agent on a representative corporate workstation. It attempts to retrieve malicious content via the Web Proxy and/or Next Generation Firewall (NGFW) with IPS and/or Sandboxing capabilities.
The first objective is to verify whether the Web Proxy or NGFW effectively blocks access to malicious content. If malicious content reaches the workstation, the second objective is to assess whether the endpoint protection (e.g., Next-Gen Antivirus) can detect and block the attack at the moment of execution.

If a security control component (WAF, NGFW, Next-Gen Antivirus, MTA) fails to block an attack, it is clear evidence that adjustments are needed to address the weakness in that control.
e-Xpert Solutions will provide a detailed report on the security posture of each assessed component, along with mitigation recommendations as part of the final reporting.

SCA Service Features

  • Automatically and continuously (24/7) test the resilience of your security infrastructure—just like the most advanced cybercriminals do today.
  • Evaluate the effectiveness of existing security controls against both known and emerging threats.
  • Precisely tailor mitigation actions for each specific threat sample.
  • Identify security risks through in-depth analysis of your security posture reports.

SCA Service Benefits

  • What is the real-world effectiveness of your current security controls against today’s threats?
  • What prioritized actions should your teams take to improve the efficiency of your security controls?
  • Which investments are the most cost-effective to maintain or strengthen in order to significantly enhance your security posture?

e-Xpert Solutions offers two service options:

  1. A one-time audit, performed once or several times per year.
  2. A recurring monthly service with weekly alerting in case anomalies are detected—for example, when a configuration change causes a drop in your security performance indicators.