Detection and Response test
To assess the organisation's capability to detect and respond to potential security incidents.
Through extensive and customised detection and response tests, we demonstrate the organisation's current capabilities relative to its current threat level. Depending on the required severity and depth of the test, we can cover everything from generic, non-targeted attacks up to advanced adversaries conducting targeted attacks (known as Advanced Persistent Threats). This means that we can conduct a thorough detection and response test whether the organisation has:
We use a combination of testing based on adversary techniques from the MITRE ATT&CK™ framework and customised storylines that simulate the chain of events that would occur during a real-life incident. Furthermore, we simulate the target-specific infrastructure used by adversaries by renting servers, registering domains and reproducing other known modus operandi from real-life targeted campaigns.
Detection and response tests are tailored to the organisation, ranging from basic operational tasks during an incident up to advanced security analysis tasks for dedicated security staff.
Testing can be performed with different strategies depending on the organisation's aim: informed, uninformed, or cooperative, where the organisation is informed and actively participates in test execution.
One laptop and a user account per storyline. One laptop and a user account for broad testing. Feedback about generated alarms and events during the test.
Choosing a cooperative testing strategy for in-house security resources and an uninformed strategy for outsourced security resources.