AttackIQ is pleased to announce the release of our Cyber Hunt Exercise Module; a new workflow within FireDrill™ that enables customers to validate and measure the detection and response capabilities of security pipelines and Detection Analysts.
Q: Why should I test my Detection Team using the Cyber Hunt Exercise?
A: Simply put…You cannot improve what you do not measure.
The Cyber Hunt Exercise was built on the premise that in order to stay ahead of our adversaries, businesses must test their teams regularly in addition to continuously validating Security Controls and Technologies.
Once you have spent the time and money building out your SOC and filling it with highly skilled individuals, how can you be sure that your security infrastructure is reporting accurately and that the team is responding correctly….reducing your security risk exposure by decreasing the adversaries dwell time?
An effective security team must practice…practice…practice. While detection is an important capability, it’s only half the story. The time it takes to respond a given detection is an essential element of the overall strategy. Providing that your security infrastructure is even aggregating the important events of interests in the first place.
How can I measure response time?
Using FireDrill’s to create assessments that run attack tactics and techniques against assets in the infrastructure and assigning your Detection Analysts to report events of interests that they believe are the result of FireDrill activity back into FireDrill’s detection analysts portal for confirmation. This data is captured and presented to measure effectiveness, response time and trend analysis.
This allows SOC Managers and Detection Team Managers to continuously evaluate analysts on a wide variety of attacker TTPs while simultaneously providing outstanding cyber training.