Detective Control Review

NetSPI’s detective control review provides recommendations that can help you build cyber defenses against the tactics, techniques, and procedures used by real-world attackers.


Correctly Configured Detective Controls Are Vital to Network Security

NetSPI partners with you to identify threat scenarios and test your breach detection technologies collaboratively. Results help identify missing data sources, improve SIEM correlation rules, and evaluate security tools and managed service providers (MSPs).

Improve Network Security with NetSPI’s Detective Control Review

Most companies are breached long before they realize it. Detective control review helps your company benchmark your current capabilities and those of your third-party service providers and helps you create a roadmap for success.

During our detective control review, NetSPI executes variations of common attack tactics, techniques, and procedures across detective control boundaries and works with your security team to identify data source gaps, tooling gaps, and missing rules and configurations.

Our Detective Control Review

NetSPI’s detective control review is more collaborative and broader in scope than a red team engagement. A detective control review tests in real time your company’s ability to respond to the most common tactics, techniques, and procedures used by threat actors and malware. After NetSPI performs each test, your team determines whether the simulated attack went undetected, generated logs, triggered alerts, or triggered a response, and records your organization’s response time.

Our Process

Conduct interviews with key team members and create an inventory of known security gaps, response processes, preventative controls, and detective controls

Create a cybersecurity test plan based on the MITRE ATT&CK framework, professional experience, and interview questions

Conduct security unit testing in real time with members of the security operations team

Identify and track logging, alerting, and response capabilities for each test

Provide vendor-agnostic recommendations for improving detection capabilities for each test

Provide a summary of the trends and a remediation roadmap that helps prioritize internal development of missing controls

Outcomes of Detective Control Review

Identify visibility and vendor solution gaps resulting from:

Missing data sources

Missing and misconfigured security controls

Missing and misconfigured SIEM rules

Missing core components of response policies or procedures

Develop a prioritized approach for how to address identified gaps. Opportunistically identify system, network, and application layer vulnerabilities during unit test execution.

What Are Detective Controls for Information Security?

Detective controls are intended to identify malicious activity on the network and at endpoints. Like preventive controls, detective controls should be layered for a strong defense.

A good way to design detective controls for information security is to look at the steps in a typical attack and then implement controls in such a way that each of the steps is identified and alerts are triggered.

Detective controls must be tuned to your environment to be effective. NetSPI helps you tune your detective controls and verify that your security vendors are providing the coverage they promise.

Common Attack Workflow (MITRE ATT&CK)

1. Initial Access
4. Privilege Escalation
5. Defense Evasion
6. Credential Access
8. Lateral Movement
10. Command and Control
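The review classifies every unit test by the outcome ladder described above (undetected, logged, alerted, responded) and rolls the results up into a remediation roadmap. The following scorecard is an added illustration of that bookkeeping, not NetSPI code: it records one outcome per test, reports the weakest outcome per ATT&CK tactic, and maps that outcome to a likely gap category (the outcome-to-gap mapping and the sample results are assumptions constructed for the example).

```python
"""Detection-coverage scorecard for a detective control review (added example)."""
from dataclasses import dataclass
from typing import Optional

# Outcome ladder from the review, weakest detection first.
OUTCOMES = ("undetected", "logged", "alerted", "responded")
# Rank used to prioritize gaps; tactics never exercised sort last.
SEVERITY = {"undetected": 0, "logged": 1, "alerted": 2, "untested": 3}

# Subset of MITRE ATT&CK tactics listed on the page, in attack order.
TACTICS = ("Initial Access", "Privilege Escalation", "Defense Evasion",
           "Credential Access", "Lateral Movement", "Command and Control")

# Assumed mapping from the weakest observed outcome to the gap category it
# most often indicates. This is an illustrative assumption, not a NetSPI rule.
GAP_FOR_OUTCOME = {
    "undetected": "missing data source or security control",
    "logged": "missing or misconfigured SIEM rule",
    "alerted": "missing response procedure",
}

@dataclass(frozen=True)
class TestResult:
    tactic: str
    label: str                      # short description of the executed test
    outcome: str                    # one of OUTCOMES
    response_minutes: Optional[int] = None  # only meaningful for "responded"

def coverage_by_tactic(results):
    """Return {tactic: weakest outcome}; tactics with no test are 'untested'."""
    worst = {t: "untested" for t in TACTICS}
    for r in results:
        if r.outcome not in OUTCOMES:
            raise ValueError(f"unknown outcome {r.outcome!r}")
        cur = worst[r.tactic]
        if cur == "untested" or OUTCOMES.index(r.outcome) < OUTCOMES.index(cur):
            worst[r.tactic] = r.outcome
    return worst

def remediation_roadmap(results):
    """Gaps as (tactic, category), worst outcome first, then attack order."""
    gaps = [(t, "no test executed" if o == "untested" else GAP_FOR_OUTCOME[o])
            for t, o in coverage_by_tactic(results).items() if o != "responded"]
    return sorted(gaps, key=lambda g: (SEVERITY[coverage_by_tactic(results)[g[0]]],
                                      TACTICS.index(g[0])))

# Constructed sample results for the example; not data from any engagement.
SAMPLE = [
    TestResult("Initial Access", "phishing attachment", "alerted"),
    TestResult("Privilege Escalation", "service misconfiguration", "logged"),
    TestResult("Defense Evasion", "event log clearing", "undetected"),
    TestResult("Credential Access", "credential dumping", "responded", 25),
    TestResult("Lateral Movement", "remote service execution", "responded", 40),
    TestResult("Lateral Movement", "admin share file copy", "logged"),
]
```

Because the roadmap keeps only the weakest outcome per tactic, a single logged-but-not-alerted test drags Lateral Movement into the gap list even though another test in the same tactic was fully responded to.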

Pentesting Research and Tools

Learn about penetration testing on our blog, our open source penetration testing toolsets for the infosec community, and our SQL injection wiki.

Is your organization prepared for a ransomware attack? Explore our Ransomware Attack Simulation service.