
Detection and Response test

Purpose

To assess the capabilities of detecting and responding to potential security incidents in the organisation.

Process

Through extensive and customised detection and response tests, we demonstrate the organisation's current capabilities in relation to its current threat level. Depending on the required severity and depth of the test, we can cover everything from generic non-targeted attacks all the way up to targeted attacks by advanced adversaries (known as Advanced Persistent Threats). This means that we can conduct a meaningful detection and response test whether the organisation has:

  • No dedicated IT security employees but various security solutions implemented
  • Dedicated security resources in-house like SOC, SAC, CERT, etc.
  • Outsourced capabilities

We use a combination of testing based on hacker methodologies from the MITRE ATT&CK™ framework and customised storylines which simulate the chain of events that would occur during a real-life incident. Furthermore, we simulate the target-specific infrastructure used by adversaries by renting servers, registering domains and implementing other known modus operandi from real-life targeted campaigns.

Detection and response tests are tailored to the organisation, ranging from basic operations during an incident up to advanced security analysis tasks for dedicated security employees.

Testing can be performed with different strategies depending on the organisation’s aim: informed, uninformed, or cooperative, where the organisation is informed and actively participates in test execution.

Requirements

One laptop and a user account per storyline. One laptop and a user account for broad testing. Feedback about generated alarms and events during the test.

We recommend

Choosing a cooperative testing strategy for in-house security resources and an uninformed strategy for outsourced security resources.

Contact us

+45 7221 5100

[email protected]

Vester Farimagsgade 41, 1606 Copenhagen V


© 2020 Danish Cyber Defence A/S · Vester Farimagsgade 41 · 1606 Copenhagen V · CVR 38871064