Detective Control Review
NetSPI’s detective control review provides recommendations that can help you build cyber defenses against the tactics, techniques, and procedures used by real-world attackers.
Correctly Configured Detective Controls Are Vital to Network Security
NetSPI partners with you to identify threat scenarios and test your breach detection technologies collaboratively. Results help identify missing data sources, improve SIEM correlation rules, and evaluate security tools and managed service providers (MSPs).
Improve Network Security with NetSPI’s Detective Control Review
Most companies are breached long before they realize it. A detective control review helps you benchmark your own detection capabilities and those of your third-party service providers, and helps you build a roadmap for improving them.
During our detective control review, NetSPI executes variations of common attack tactics, techniques, and procedures across detective control boundaries and works with your security team to identify data source gaps, tooling gaps, and missing rules and configurations.
Our Detective Control Review
NetSPI’s detective control review is more collaborative and broader in scope than a red team engagement. It tests, in real time, your company’s ability to respond to the most common tactics, techniques, and procedures used by threat actors and malware. After NetSPI performs each test, your team records whether the simulated attack went undetected, generated logs, triggered alerts, or triggered a response, and measures your organization’s response time.
Conduct interviews with key team members and create an inventory of known security gaps, response processes, preventative controls, and detective controls
Create a cybersecurity test plan based on the MITRE ATT&CK framework, professional experience, and interview questions
Conduct security unit testing in real time with members of the security operations team
Identify and track logging, alerting, and response capabilities for each test
Provide vendor-agnostic recommendations for improving detection capabilities for each test
Provide a summary of the trends and a remediation roadmap that helps prioritize internal development of missing controls
Outcomes of Detective Control Review
Identify visibility and vendor solution gaps resulting from:
Missing data sources
Missing and misconfigured security controls
Missing and misconfigured SIEM rules
Missing core components of response policies or procedures
Develop a prioritized approach to addressing the identified gaps. Opportunistically identify system, network, and application layer vulnerabilities during unit test execution.
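One way to record the per-test outcomes described above (undetected, logged, alerted, responded, plus response time) and turn the gap categories from the outcomes list into a prioritized remediation roadmap, as an added Python example that is not NetSPI’s own tooling; the ATT&CK technique ids, tactics and results below are constructed sample data:

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional
# Detection ladder from the review: each test is recorded at the highest rung it reached.
LADDER = ("undetected", "logged", "alerted", "responded")
# Gap categories taken from the outcomes list above.
GAP_KINDS = ("data_source", "control", "siem_rule", "response_procedure")

@dataclass
class UnitTest:
    technique: str                 # MITRE ATT&CK technique id exercised by the test
    tactic: str                    # ATT&CK tactic the test belongs to
    outcome: str                   # one rung of LADDER
    response_minutes: Optional[float] = None  # set only when outcome is "responded"
    gap: Optional[str] = None      # gap kind the SOC attributed a weak outcome to

def rung(test: UnitTest) -> int:
    """Position on the ladder; rejects outcomes the review does not define."""
    if test.outcome not in LADDER:
        raise ValueError(f"unknown outcome {test.outcome!r}")
    return LADDER.index(test.outcome)
def tactic_coverage(tests):
    """Share of tests per tactic that reached at least 'alerted'; a log alone is not detection."""
    alerted, total = Counter(), Counter()
    for t in tests:
        total[t.tactic] += 1
        alerted[t.tactic] += int(rung(t) >= LADDER.index("alerted"))
    return {tac: round(alerted[tac] / total[tac], 2) for tac in total}
def remediation_roadmap(tests):
    """Rank gap kinds by total rungs their tests fell short of 'alerted', largest first."""
    weight, target = defaultdict(int), LADDER.index("alerted")
    for t in tests:
        shortfall = target - rung(t)
        if shortfall > 0:
            if t.gap not in GAP_KINDS:
                raise ValueError(f"{t.technique}: weak outcome needs a gap kind from {GAP_KINDS}")
            weight[t.gap] += shortfall
    return sorted(weight.items(), key=lambda kv: (-kv[1], kv[0]))
def mean_response_minutes(tests):
    """Average time to response over tests that reached 'responded'; None if none did."""
    times = [t.response_minutes for t in tests if t.outcome == "responded" and t.response_minutes is not None]
    return sum(times) / len(times) if times else None

# Constructed sample results (not real findings): a small test plan across four tactics.
SAMPLE = [
    UnitTest("T1003", "Credential Access", "responded", response_minutes=18),
    UnitTest("T1059", "Execution", "alerted"),
    UnitTest("T1021", "Lateral Movement", "logged", gap="siem_rule"),
    UnitTest("T1021", "Lateral Movement", "undetected", gap="data_source"),
    UnitTest("T1071", "Command and Control", "undetected", gap="data_source"),
]
```

The roadmap weights a missing data source for an undetected test more heavily than a missing SIEM rule for a test that was at least logged, matching the order in which the gaps need to be closed.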
What Are Detective Controls for Information Security?
Detective controls are intended to identify malicious activity on the network and at endpoints. Like preventive controls, detective controls should be layered for a strong defense.
A good way to design detective controls for information security is to look at the steps in a typical attack and then implement controls so that each step is detected and an alert is raised.
Detective controls must be tuned to your environment to be effective. NetSPI helps you tune your detective controls and verify that your security vendors are providing the coverage they promise.
Common Attack Workflow (MITRE ATT&CK)
10. Command and Control