Detective Control Testing
NetSPI’s detective control testing service provides recommendations that can help you build defenses against the tactics, techniques, and procedures used by real-world attackers.
Correctly configured detective controls are vital for network security.
NetSPI will partner with you to identify threat scenarios and test your breach detection technologies collaboratively. Results can be used to help identify missing data sources, improve SIEM correlation rules, and evaluate security tools and managed service providers (MSPs).
Improve network security with detective control testing services
Most companies are breached long before they realize it. Detective control testing services can help your company benchmark your current capabilities and those of your third-party service providers, and help you create a roadmap for success.
During our detective control testing services, NetSPI will execute variations of common attack tactics, techniques, and procedures across detective control boundaries and work with your security team to identify data source gaps, tooling gaps, and missing rules and configurations.
The NetSPI Difference
NetSPI delivers industry-leading penetration testing expertise and a vulnerability management platform that makes penetration test results actionable.
Our Detective Control Testing Services
Our detective control testing services are more collaborative and broader in scope than a red team engagement. Detective control testing will test in real-time your company’s ability to respond to the most common tactics, techniques, and procedures used by threat actors and malware. After NetSPI performs each test, your team will determine if the simulated attack went undetected, generated logs, triggered alerts, triggered a response, and what was your organization’s response time.
Detective Control Testing Process
Outcomes of Detective Control Testing
Identify visibility and vendor solution gaps resulting from:
Missing data sources
Missing and misconfigured security controls
Missing and misconfigured SIEM rules
Missing core components of response policies or procedures
Develop a prioritized approach for addressing identified gaps. Opportunistically identify system, network, and application layer vulnerabilities during unit test execution.
What Are Detective Controls for Information Security?
Detective controls are intended to identify malicious activity on the network and at endpoints. Like preventative controls, detective controls should be layered for a good defense.
A good way to design detective controls for information security is to look at the steps in a typical attack and then implement controls in such a way that each of the steps are identified and alerts are triggered.
Detective controls need to be tuned to your environment to be effective. NetSPI can help you tune your detective controls and verify that your security vendors are providing the coverage they promise.
Common Attack Workflow (Mitre ATT&CK) |
|
|---|---|
| 1. | Initial Access |
| 2. | Execution |
| 3. | Persistence |
| 4. | Privilege Escalation |
| 5. | Defense Evasion |
| 6. | Credential Access |
| 7. | Discovery |
| 8. | Lateral Movement |
| 9. | Collection |
| 10. | Command and Control |
| 11. | Exfiltration |
Benefits of Detective Control Testing
Simulate attacks in real-time to improve detective controls.
Avoid Breaches
Discover your vulnerabilities and exposure, before a breach occurs.
Achieve Compliance
Meet application security testing requirements from a third-party.
Improve Security
Learn how to strengthen your network security program.
Augment Your Team
Get a fresh set of eyes from penetration testing experts.
Pentesting Research and Tools
Learn about penetration testing on our blog, our open-source penetration testing toolsets for the infosec community, and our SQL injection wiki.
