Mind the Gap – Detective Control Validation for a Financial Institution

Discovery & Impact

While working with a leading US-based financial institution, Scott found that the client's detective controls detected only about 5% of the attack procedures executed during the engagement. This posture left the customer vulnerable and nearly blind to most post-exploitation behavior in their environment.

Remediation Outcome

The client worked to correct the EDR configuration and data-source issues, then regularly re-ran the procedures Scott had performed to validate which controls, configurations and remediations were effective and to continually raise detection levels. After one year of using NetSPI BAS, the client had improved its detection levels by over 500%.

1. We met with the client team to scope, set expectations, establish priorities, and understand current detective control levels. The client assumed they would detect roughly 50% of the activity with their current technology.

2. Scott performed the initial 10-day NetSPI Breach and Attack Simulation baseline testing, using current threat research, common attacker TTPs, and advanced, customized plays.

3. Upon completing the initial baseline assessment, the client was found to detect only 5% of the procedures Scott performed.

4. This was due to several reasons, including: