What are SecCore Essentials?
We created our SecCore Essentials to provide basic security configurations that mitigate common attack vectors in enterprise environments. These Essentials are meant to represent a minimum security standard that can be implemented with as little effort as possible. Each Essential focuses on a specific area of security, such as network protocols, password management, or system hardening.
We place great importance on the fact that these measures can be implemented without the need for significant investment, and are not dependent on operating systems or hardware. Additionally, we compiled these Essentials to have as much real security impact as possible. As offensive security experts, our goal is to improve security by simulating real-world attacks. Therefore, we focus on measures that directly mitigate common attack vectors we frequently encounter during our engagements.
How are SecCore Essentials structured?
Each SecCore Essential is presented as a blog post that provides a summary of the security configurations that should be implemented. The post also includes detailed information about the specific area of security, common attack vectors, and the impact of not implementing the recommended configurations by providing a real-world attack scenario.
Who are SecCore Essentials for?
Our SecCore Essentials are primarily aimed at small and medium-sized enterprises that may not have the resources to implement comprehensive security measures. However, they can also be beneficial for larger organizations as a foundational layer of security.
How do they tie into our engagements?
In order to provide more context to our penetration tests, we include a SecCore Essentials review as part of our engagements. This review assesses the implementation of the recommended security configurations and provides a maturity level for assessing the overall security posture of the organization.
This gives a good overview of the security measures that have been implemented and makes it possible to track improvements over time. We also, of course, test the effectiveness of implemented security measures during our engagements. Contact us for a demo report or to discuss our approach in a personal meeting.
Interested?
All our SecCore Essentials can be found in our Essentials Category Page. These are provided free of charge, as we believe that basic security configurations should be accessible to everyone:
- Active Directory Tier Model
- ADCS Security
- Backup Security
- Client Hardening
- Kerberos Security
- LDAP Security
- Network Layer Security
- Network Protocols
- Password Security
- Sensitive Information Protection
- SMB Security
- Vulnerability Management
If you are interested in a security assessment of your environment, or want to talk how to best implement these Essentials, please do not hesitate to contact us. You can find all of our services on our Services Page.