Maintaining an effective detection and response capability is challenging and costly. It requires up-to-date knowledge of the threat landscape, correctly tuned technology and controls, a team of capable analysts, and the policies to prompt a response if needed. This explains why so few attacks are swiftly detected after initial compromise.
Our detection consultancy focuses on raising your overall security posture and building operational resilience through close partnership. We help you understand your capability holistically, in terms of how your critical assets would be targeted by attackers, then develop solutions that can be tested through adversarial simulation and tabletop response exercises. We provide insights and recommendations with tangible business outcomes, whether that’s decreasing the time your team spends investigating false positives or closing the gap between your capability to withstand APT-level attacks and your competitors’.
Our attack simulation platform can simulate over a hundred modern attack techniques across the cyber kill-chain and track regression over time. This technological capability is augmented by our offensively trained consultants who work with your team and test controls in a realistic but safe manner. Our consultants hold certifications from CHECK, CREST, ISC2, SANS, and OSCP, and actively deploy this certified knowledge when developing your security analysts.
Our detection consultancy is bespoke, scoped to deliver the specific outcomes required by your organization. Within this, some specific services and solutions can be applied, including:
Attack Detection Capability Assessment (ADCA)
ADCAs are our interpretation of the traditional purple team exercise. Rather than measuring the performance of competing offensive (red) and defensive (blue) teams, these teams work together towards a common goal. Collaboratively, we assess defense in depth across the lifecycle of an attack, highlighting areas for improvement and/or investment across people, process, and technology.
AttackSim is our proprietary attack simulation tooling, first developed by consultants for consultants. Now, it is deployed in engagements to simulate the attackers targeting clients’ businesses and measure clients’ ability to detect the TTPs those attackers would use. With ongoing support from consultants, AttackSim can be used point-in-time or deployed continuously, as part of an ongoing security program, to track how changes in your environment influence your detection capability.
One of the biggest mistakes organizations make with their detection capability is relying on tooling alone. Monitoring is part of the solution, but it has to be supplemented with the knowledge of dedicated specialists, continuous data analysis by a skilled SOC, and regular tuning of your technology. Detection must be seen in the context of your broader security posture if it's to work. This is where we come in.