CovertSwarm is an offensive security pioneer. Our research, tests and assaults continuously probe your attack surface to identify weaknesses and help you fix them in real-time for cyber security that never sleeps.
This continuous testing approach is unique in our industry, and one of our newest recruits, Hive Member Tony Dixon, has already noticed how differently we do things. With over 15 years of experience in the information technology and security sectors, he’s sharing his views on how cyber security needs to change, how CovertSwarm is leading the charge, and how organisations can better protect themselves in the future.
The cyber security problem
Almost every business and individual is online. But many don’t protect themselves as well as they should. Your most valuable assets need continuous testing, while identified threats need monitoring. Because the moment you take your eye off the ball, an attacker will find a way in.
Continuous testing isn’t the norm in our industry, despite new threats and technologies emerging on a daily basis. Instead, businesses often rely on yearly testing and automated testing that only skims the surface. Sometimes, there’s also too little budget for the deeper dive that’s needed, or the company security budget is signed off too late.
Tony cautions, “Lots of businesses rely on automated scanning due to having short timeframes and pressure to deliver. While it’s good to be proactive, this only tells half the story because while automated tooling builds a picture of your attack surface, manual testing helps you discover vulnerabilities that may have been missed. It’s our view that automated software should be used as a complement to the manual approach, and not as a replacement.”
But this is only part of the problem. Ethical hackers need to better understand their clients’ applications and infrastructure, from how they’re put together to how they function. No two businesses are alike, so no two penetration tests should be either. But a tailored approach, again, needs time, which is why continuous testing is so important: it creates the opportunity to dive deeper.
“I performed my most successful mobile test ever in my first week at CovertSwarm,” says Tony. “With time to be flexible, I could go deeper into the binaries, and uncover some sensitive information that drastically increased the attack surface. I couldn’t have found valuable intel like this in a short testing window. Being pressed for time doesn’t give you the opportunity to read all the files when you’ve decompiled an application – it merely gives you a chance to search for sensitive strings within a binary, without fully understanding what their purpose is.”
Our approach to cyber security
Continuous testing is just one way we’re revolutionising cyber security. There are four strings to our approach:
1) Model
Annual testing gives a point-in-time snapshot that quickly becomes outdated. Our subscription model allows our Hive Members to test on a more continuous basis and discover more vulnerabilities. This could involve anything from testing the same client once a month to testing daily, which helps us better understand them, learn about their business and take a more proactive approach to testing. And this is exactly what an attacker would do.
“We can’t fit every app into a ‘tick the box’ 3-day methodology,” Tony explains. “We might have an application with an abundance of files inside, and rather than skim these files looking for sensitive information or even searching for strings, we’re taking the time to read the files and understand the context of the app.”
2) Approach
We begin by mapping out your attack surface using open source intelligence (OSINT). This could include company email addresses, firewalls, servers, members of staff and even developer comments on an application store. After gathering our intel, we use our offensive security methodology to break into your applications. With time on our side, we go deeper and wider than anyone else, then share our insights for you to make fixes and further strengthen your security posture.
Tony’s expertise in gathering mobile application intelligence means he knows exactly what to look for. “Common things I’ve found are sensitive data in the binary, like AWS Credentials; Firebase URLs; developer logins; even a bunch of API Keys – to name but a few. These could increase your attack surface significantly.”
3) People
As the saying goes, an organisation is only ever as good as its people. And at CovertSwarm, we only hire the top talent in the industry, building cyber squads of specialists – Hives – that come together as a powerful Swarm. But we also invest in new talent through internships, partnerships and graduate schemes, because these are the penetration testers of tomorrow.
People are just as important within the organisations we protect, so we train teams in areas like cyber hygiene – such as accessing, storing and using data securely. Tony explains: “Not only do we look at this from a security perspective, but we look at it from a privacy perspective too. Take a mobile e-commerce app, for example. When you’re buying something online, does the application really need access to your exact location? We should always think about what an app is asking for access to and whether it’s needed.”
4) Tools
We run our operations through the Offensive Operations Centre (OOC), a platform that gives you insights into hidden and evolving risks and vulnerabilities in real-time. We offer the full spectrum of testing, giving you control over what we research, test and attack. And with a dedicated contact to liaise with at all times, we’re always ready to accept your orders or regroup for a debrief.
Changing the face of cyber security
There’s no question – the corporate attitude to cyber security testing needs to change. And at CovertSwarm, we know exactly how to do it.
- Treat cyber security as an ongoing investment to keep pace with changing threats
- Build a culture of cyber security in the workplace, so everyone takes responsibility
- Tailor testing to organisations using their own code, structure and data centres
- Work more closely together as an industry – just as our Hives feed into our Swarm
Ultimately, Tony says it best: “Times have changed, and we as consultants must change, too.”
Get in touch with us to find out more about our model and how we can help strengthen your cyber security, day after day, after day. And if you’d like to join the Swarm, our door is always open. View our vacancies or send us an email to get started.