Detective Control Testing

NetSPI’s detective control testing service provides recommendations that can help you build defenses against the tactics, techniques, and procedures used by real-world attackers.

Correctly configured detective controls are vital for network security.

NetSPI will partner with you to identify threat scenarios and test your breach detection technologies collaboratively. Results can be used to help identify missing data sources, improve SIEM correlation rules, and evaluate security tools and managed service providers (MSPs).

Improve network security with detective control testing services

Most companies are breached long before they realize it. Detective control testing services can help your company benchmark your current capabilities and those of your third-party service providers, and help you create a roadmap for success.

During our detective control testing services, NetSPI will execute variations of common attack tactics, techniques, and procedures across detective control boundaries and work with your security team to identify data source gaps, tooling gaps, and missing rules and configurations.

The NetSPI Difference

NetSPI delivers industry-leading penetration testing expertise and a vulnerability management platform that makes penetration test results actionable.

Learn More arrow_forward

A collaborative team with experience and expertise produces the highest quality of work
Consistent processes with formalized quality assurance and oversight deliver consistent results
Technology allows more focus on testing and scales to large engagements and multiple ongoing projects
Actionable guidance by a trusted partner from the start of the engagement to the end of remediation

Our Detective Control Testing Services

Our detective control testing services are more collaborative and broader in scope than a red team engagement. Detective control testing will test in real-time your company’s ability to respond to the most common tactics, techniques, and procedures used by threat actors and malware. After NetSPI performs each test, your team will determine if the simulated attack went undetected, generated logs, triggered alerts, triggered a response, and what was your organization’s response time.

Detective Control Testing Process

Conduct interviews with key team members and create an inventory of known gaps, response processes, preventative controls, and detective controls
Create a test plan based on the Mitre ATT&CK framework, professional experience, and interview questions
Conduct security unit testing in real-time with members of security operations team
Provide a summary of the trends and a remediation roadmap that helps prioritize internal development of missing controls
Identify and track logging, alerting, and response capabilities for each test
Provide vendor agnostic recommendations for improving detection capabilities for each test
Provide a summary of the trends and a remediation roadmap that helps prioritize internal development of missing controls

Outcomes of Detective Control Testing

Identify visibility and vendor solution gaps resulting from:

Missing data sources

Missing data sources

Missing and misconfigured security controls

Missing and misconfigured security controls

Missing and misconfigured SIEM rules

Missing and misconfigured SIEM rules

Missing core components of response policies or procedures

Missing core components of response policies or procedures

Develop a prioritized approach for addressing identified gaps. Opportunistically identify system, network, and application layer vulnerabilities during unit test execution.

What Are Detective Controls for Information Security?

Detective controls are intended to identify malicious activity on the network and at endpoints. Like preventative controls, detective controls should be layered for a good defense.

A good way to design detective controls for information security is to look at the steps in a typical attack and then implement controls in such a way that each of the steps are identified and alerts are triggered.

Detective controls need to be tuned to your environment to be effective. NetSPI can help you tune your detective controls and verify that your security vendors are providing the coverage they promise.

Common Attack Workflow (Mitre ATT&CK)

1. Initial Access
2. Execution
3. Persistence
4. Privilege Escalation
5. Defense Evasion
6. Credential Access
7. Discovery
8. Lateral Movement
9. Collection
10. Command and Control
11. Exfiltration

Benefits of Detective Control Testing

Simulate attacks in real-time to improve detective controls.

Avoid Breaches
Discover your vulnerabilities and exposure, before a breach occurs.

Achieve Compliance
Meet application security testing requirements from a third-party.

Improve Security
Learn how to strengthen your network security program.

Augment Your Team
Get a fresh set of eyes from penetration testing experts.

Web Application Pentesting Research and Tools

Learn about penetration testing on our blog, from our open-source penetration testing toolsets for the infosec community, and in our SQL injection wiki.


Contact Us