Blue Teams / Detection & Response Capability Improvement
Preventative controls are necessary in every environment, but they cannot be 100% effective or alleviate the costs of a breach by an advanced threat actor. Our “Blue Teams” improvement services bring technical and process expertise to test and improve the resiliency, completeness and effectiveness of your detection and response controls. We sit side-by-side with your own defensive team to simulate attacker methods on the perimeter, in applications and on the internal network, with particular focus on detecting successful exploitation, lateral movement and privilege escalation through spear-phishing.
We then identify both configuration and operational recommendations to close the gaps between the basics and what you may need to better address threat actors who use stealthy tactics.
- Uses Advanced Persistent Threat (APT) threat-cycle simulation techniques to identify and develop recommendations to improve controls coverage and completeness
- Provides actionable tuning recommendations for existing controls and identifies where additional advanced controls might improve defenses
- Provides process and metrics-oriented recommendations in addition to technical configurations