Identify
Detection Assessment: Strengthen security culture and raise awareness among your employees
It can be difficult to know whether your detection and log collection strategy is sufficient and matches the current threat landscape. We can help evaluate your detection architecture, assess your maturity level and make concrete suggestions for improvement.
Why it's important to make your organisation's detection visible
Visible detection sends a clear signal that you take cyber security seriously. It strengthens security culture and raises awareness among your employees of the importance of protecting company resources.
Our consultants can help you harden public cloud environments by taking an in-depth look at your current design and carefully analysing the maturity of your current configurations.
Our approach is structured and focused on your daily business needs. We address a wide range of topics, both specific technical cyber security matters and non-technical aspects of cyber security, depending on your needs and preferences.
Security logs and resources: Are you prepared?
There are many things to keep track of. But you can start by asking yourself these questions:
- Do you have a security log collection strategy that matches the current threat landscape?
- Do you have a robust logging architecture?
- If you have already implemented some detections, are they sufficient?
- Do you have the necessary internal resources available?
What does an assessment of your detection level include?
A detection assessment results in a written report containing a non-technical section and a technical section.
The non-technical section consists of an executive summary for management and decision makers to help them with their strategic planning, budgeting and prioritization.
The technical section covers four elements:
#1
Log collection strategy and governance.
#2
Suggestions for improvements to the logging architecture.
#3
Recommended changes to your infrastructure to provide better visibility for detections.
#4
If some detections are already in place, which MITRE ATT&CK techniques and tactics (attack phases) they cover, and how well that coverage matches the current threat landscape.
How we analyse your current detection capabilities
We analyse your current level of detection capability based on our extensive experience from both the defensive and offensive side, as well as industry best practice. We cover topics ranging from logging assumptions, log collection, logging architecture and governance to the detections actually implemented.
Our assessment is based on information gathered at an initial workshop with your key stakeholders as well as information exported from the SIEM tool, topology drawings, etc.
We use the CMMI Institute's five-level Capability and Performance maturity scale to rate the NIST Cybersecurity Framework's Detect categories (DE.AE Anomalies and Events, DE.CM Security Continuous Monitoring and DE.DP Detection Processes). If detections are already in place, we map them to the MITRE ATT&CK framework.
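As an added illustration of what the ATT&CK mapping step produces (example code written for this page, not the consultancy's own tooling), the following Python script takes detection rules as they might be exported from a SIEM, each tagged with ATT&CK technique IDs, and reports which techniques and tactics have an enabled detection, which techniques from a prioritised threat profile are uncovered, and which tags do not resolve against the loaded matrix. The technique-to-tactic table is a hand-written excerpt of the ATT&CK Enterprise matrix (the IDs and tactic names are real, the set is deliberately small), and the rules and threat profile are constructed sample data; a real assessment would load the full matrix from MITRE's published STIX data and the rules from the actual SIEM export.

```python
"""Added example: map SIEM detection rules to ATT&CK and report coverage per tactic.

The technique/tactic table below is a constructed excerpt of the ATT&CK
Enterprise matrix (technique IDs and tactic names are real; the set is
deliberately small). A real assessment loads the full matrix from MITRE's
published STIX data and the rules from the SIEM export.
"""
from collections import defaultdict

# Constructed excerpt: technique ID -> (name, tactics it belongs to).
ATTACK_EXCERPT = {
    "T1566": ("Phishing", ["initial-access"]),
    "T1078": ("Valid Accounts", ["initial-access", "persistence",
                                 "privilege-escalation", "defense-evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1053": ("Scheduled Task/Job", ["execution", "persistence",
                                     "privilege-escalation"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1110": ("Brute Force", ["credential-access"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1071": ("Application Layer Protocol", ["command-and-control"]),
    "T1048": ("Exfiltration Over Alternative Protocol", ["exfiltration"]),
    "T1486": ("Data Encrypted for Impact", ["impact"]),
}

# Constructed sample of rules as they might come out of a SIEM export:
# name, whether the rule is enabled, and the ATT&CK IDs the author tagged it with.
SAMPLE_RULES = [
    {"name": "Encoded PowerShell command line", "enabled": True, "techniques": ["T1059.001"]},
    {"name": "Shell spawned by Office process", "enabled": True, "techniques": ["T1059"]},
    {"name": "LSASS memory access", "enabled": True, "techniques": ["T1003"]},
    {"name": "Many failed logons from one source", "enabled": True, "techniques": ["T1110"]},
    {"name": "Scheduled task created by non-admin", "enabled": False, "techniques": ["T1053"]},
    {"name": "Mass file rename with new extension", "enabled": True, "techniques": ["T1486"]},
    # T1082 is a real technique but not in the excerpt, so it is reported as unmapped.
    {"name": "Host enumeration burst", "enabled": True, "techniques": ["T1082"]},
]

# Constructed priority list, e.g. techniques seen in recent incidents in the sector.
THREAT_PROFILE = ["T1566", "T1078", "T1003", "T1021", "T1486"]


def technique_coverage(rules, matrix=ATTACK_EXCERPT, include_disabled=False):
    """Return ({technique_id: [rule names]}, {tags not found in matrix}).

    Sub-technique tags such as T1059.001 roll up to the parent technique.
    Disabled rules are skipped by default: a rule that is switched off gives
    no visibility, and counting it would overstate coverage.
    """
    covered = defaultdict(list)
    unmapped = set()
    for rule in rules:
        if not rule["enabled"] and not include_disabled:
            continue
        for tag in rule["techniques"]:
            parent = tag.split(".")[0]
            if parent in matrix:
                covered[parent].append(rule["name"])
            else:
                unmapped.add(tag)
    return dict(covered), unmapped


def tactic_coverage(covered, matrix=ATTACK_EXCERPT):
    """Return {tactic: (techniques in matrix, techniques with a detection)}."""
    per_tactic = {}
    for tid, (_, tactics) in matrix.items():
        for tactic in tactics:
            total, hit = per_tactic.get(tactic, (0, 0))
            per_tactic[tactic] = (total + 1, hit + (1 if tid in covered else 0))
    return per_tactic


def profile_gaps(covered, profile):
    """Techniques from the threat profile that have no enabled detection."""
    return [tid for tid in profile if tid not in covered]


def report(rules=SAMPLE_RULES, profile=THREAT_PROFILE):
    """Build the plain-text coverage summary for the technical section of a report."""
    covered, unmapped = technique_coverage(rules)
    lines = ["Tactic coverage (techniques with a detection / techniques in matrix):"]
    for tactic, (total, hit) in sorted(tactic_coverage(covered).items()):
        lines.append(f"  {tactic:<22} {hit}/{total}")
    lines.append("Threat-profile techniques without an enabled detection:")
    for tid in profile_gaps(covered, profile):
        lines.append(f"  {tid} {ATTACK_EXCERPT.get(tid, ('?', []))[0]}")
    if unmapped:
        lines.append("Tags not found in the loaded matrix (check for typos or an "
                     "outdated matrix): " + ", ".join(sorted(unmapped)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Two design points matter in practice: disabled rules are excluded by default because a rule that is switched off is exactly the kind of "detection on paper" that inflates a coverage map, and tags that do not resolve against the loaded matrix are surfaced rather than silently dropped, since stale or mistyped technique IDs are a common finding when a rule set has grown without governance.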
What does the assessment require from you and your team?
The delivery requires minimal involvement of your technical staff. For the initial workshop, the detection service owner is required to be present, together with a few members of technical staff.