Once you have spent the time and money building out your SOC and filling it with highly skilled individuals, how can you be sure that your security infrastructure is reporting accurately and that the team is responding correctly, reducing your security risk exposure by decreasing the adversary’s dwell time?
An effective security team must practice, practice, practice. While detection is an important capability, it’s only half the story. The time it takes to respond to a given detection is an essential element of the overall strategy, provided that your security infrastructure is even aggregating the important events of interest in the first place.
Use AttackIQ FireDrill to create assessments using the Cyber Hunt Exercise Module. This will enable you to run attack tactics and techniques against assets in the infrastructure and to assign your Detection Analysts to report events of interest that they believe are the result of FireDrill activity. FireDrill’s detection analyst portal will confirm or deny each report, and this data is captured and presented to measure effectiveness and response time and to support trend analysis. This allows SOC Managers and Detection Team Managers to continuously evaluate analysts on a wide variety of attacker TTPs while simultaneously providing outstanding cyber training.
The Cyber Hunt Exercise was built on the premise that in order to stay ahead of our adversaries, businesses must test their teams regularly in addition to continuously validating Security Controls and Technologies. Using the Cyber Hunt Exercise regularly enables customers to validate and measure the detection and response capabilities of security pipelines and Detection Analysts.
FireDrill’s Cyber Hunt Exercise enables a new workflow that can be put into action by:
- Creating a new assessment and selecting the Cyber Hunt Exercise template in the FireDrill platform
- Defining the Hunt Targets by selecting Assets and Scenarios
- Selecting your Hunters by adding detection analysts to the assessment
- Setting a time limit for the total duration of the hunt exercise along with successful detection parameters
- Running the assessment or exercise
- Having Detection Analysts hunt for threats and report observations back into FireDrill through the Detection Analyst portal
- Having Managers view the results inside the FireDrill platform, trending analyst performance over time with details on potential gaps in analyst knowledge, skills, and abilities
Schedule your AttackIQ demo to see a demonstration of the platform, or request a free trial to set up and test the AttackIQ platform’s capabilities using your own enterprise data. Contact us today to get started.