
Case

Continuous detection and response testing for critical infrastructure

Client need

Ensuring high performance of cyber attack detection and response solutions

Fraktal’s client companies in critical infrastructure services need to detect and respond to cyber attacks as accurately and swiftly as possible. For this purpose, they have built in-house or acquired commercial SOC services and supporting SIEM, MDR, and EDR solutions.

Ensuring that these technologies and processes work as expected is critical to the companies. This is not only to justify the investments and costs, but to validate that attack events are detected, correlated, and responded to in a way that meets their security demands.

In search of a continuous testing process

The clients wanted to implement continuous testing that leads to rapid improvement of their detection and response safeguards. They had previously used Red Team testing and found that it takes several months from kick-off to putting the results into practice and seeing some improvement. Retesting requires a huge effort and commitment from the organization, and is usually left waiting for the next annual test.

Additionally, the companies wanted a true and modern Purple Team experience, with the testers working together with the defenders. We work closely with the clients to ensure they understand the test results and know what actions to take next, and we help their Blue Teams become better at their work.

We delivered

A service for continuous improvement of security posture

We created a service for critical infrastructure companies and other organizations with high requirements for cyber security detection and response safeguards. Finally they can gain insight into the quality of their MDR and EDR solutions and how well their SIEM correlation rules are set up.

Using our services, these companies can verify and improve their security posture in monthly increments. This is a major improvement compared to one-off Red Team exercises. The benefits from our work are available almost instantly, and improvement happens at the speed the companies need in order to stay protected. Close co-operation with the clients grows the professional skills of their security teams and helps locate security gaps faster.

Technologies and methods

Targeted attack scenarios

We create targeted attack scenarios that we run in our clients’ environments and against their applications. These scenarios comprise multiple test cases that cover the whole life cycle of a cyber attack. The objective of the scenarios is to reach target data or system functions that are set together with the client companies as flags. Defining the scenarios also allows for easy retesting of improved defences, validating the work of the Blue Team.

Monthly walkthroughs

A key activity in our service is the monthly walkthrough with the Blue Team. This ensures that our testing activities are transferred into knowledge that the security and operations teams can use to improve their detection and response.

Dynamic dashboard

As a true Purple Team experience, the clients get full visibility through a dynamic dashboard. It includes all the performed tests and analysis of how the detection technologies and the Blue Team fared, as well as metrics set up together with the clients.

Mapping to MITRE ATT&CK

All the attacks we create and the results we report are mapped to the industry-standard MITRE ATT&CK framework. As the coverage is extended over time, confidence in continuous improvement also increases.
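The dashboard metrics and the ATT&CK mapping described in the two sections above can be illustrated with a small scorecard. The following is an added example, not Fraktal's own code or dashboard: it assumes each test case in a scenario is tagged with the ATT&CK technique and tactic it exercises and records whether the step reached its flag, whether the detection stack alerted on it, whether the Blue Team acted, and how long detection took. The two monthly runs are constructed sample data (the technique and tactic names are real ATT&CK identifiers; the outcomes are invented). From those records it derives detection and response rates, mean time to detect, coverage per tactic, the list of undetected techniques to prioritise before the next run, and the month-over-month trend.

```python
"""Scorecard for purple-team test results mapped to MITRE ATT&CK (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class TestCase:
    technique: str                    # ATT&CK technique ID, e.g. "T1003"
    tactic: str                       # ATT&CK tactic the step belongs to
    flag_reached: bool                # attacker step reached its objective (the flag)
    detected: bool                    # SIEM/EDR/MDR raised an alert for the step
    responded: bool                   # Blue Team acted on that alert
    minutes_to_detect: Optional[int]  # None when the step went undetected


# Constructed sample results for two monthly runs of the same scenario.
# Technique and tactic names are real ATT&CK identifiers; the outcomes are invented.
RUNS = {
    "month-1": [
        TestCase("T1566", "Initial Access",    True,  True,  True,  15),
        TestCase("T1059", "Execution",         True,  True,  False, 40),
        TestCase("T1003", "Credential Access", True,  False, False, None),
        TestCase("T1021", "Lateral Movement",  True,  False, False, None),
        TestCase("T1486", "Impact",            True,  True,  True,  5),
    ],
    # Same scenario re-run after the Blue Team tuned its correlation rules.
    "month-2": [
        TestCase("T1566", "Initial Access",    True,  True,  True,  10),
        TestCase("T1059", "Execution",         True,  True,  True,  20),
        TestCase("T1003", "Credential Access", False, True,  True,  8),
        TestCase("T1021", "Lateral Movement",  True,  False, False, None),
        TestCase("T1486", "Impact",            True,  True,  True,  4),
    ],
}


def detection_rate(cases):
    """Share of test cases for which an alert was raised."""
    return sum(c.detected for c in cases) / len(cases)


def response_rate(cases):
    """Share of detected test cases the Blue Team actually acted on."""
    detected = [c for c in cases if c.detected]
    return sum(c.responded for c in detected) / len(detected) if detected else 0.0


def mean_time_to_detect(cases):
    """Mean minutes to detection over detected cases; None if nothing was detected."""
    times = [c.minutes_to_detect for c in cases
             if c.detected and c.minutes_to_detect is not None]
    return mean(times) if times else None


def coverage_by_tactic(cases):
    """Detection rate per ATT&CK tactic, so gaps show up by attack phase."""
    total, hit = defaultdict(int), defaultdict(int)
    for c in cases:
        total[c.tactic] += 1
        hit[c.tactic] += int(c.detected)
    return {t: hit[t] / total[t] for t in total}


def detection_gaps(cases):
    """Techniques whose step reached its flag without any alert: the priority list."""
    return sorted(c.technique for c in cases if c.flag_reached and not c.detected)


def scorecard(cases):
    """All dashboard figures for one run of a scenario."""
    return {
        "detection_rate": detection_rate(cases),
        "response_rate": response_rate(cases),
        "mttd_minutes": mean_time_to_detect(cases),
        "by_tactic": coverage_by_tactic(cases),
        "gaps": detection_gaps(cases),
    }


def trend(runs):
    """Month-by-month detection rate, the headline number a dashboard tracks."""
    return [(month, detection_rate(cases)) for month, cases in runs.items()]


if __name__ == "__main__":
    for month, cases in RUNS.items():
        print(month, scorecard(cases))
    print("trend:", trend(RUNS))
```

Keeping flag outcome and detection outcome as separate fields is deliberate: a step that was blocked (flag not reached) but also alerted, as T1003 in the second run, is a success on both counts, whereas a step that reached its flag silently is the gap to work on first. Because every test case carries its technique ID, the same records can be rolled up per tactic or compared run against run without re-tagging anything.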
