Detection and response testing for critical infrastructure

Client need

Ensuring high performance of cyber attack detection and response solutions

Fraktal’s client companies in critical infrastructure services need to detect and respond to cyber attacks as accurately and swiftly as possible. For this purpose, they have built in-house or acquired commercial SOC services and supporting SIEM, MDR, and EDR solutions.

Ensuring that these technologies and processes work as expected is critical to the companies. This is not only to justify the investments and costs, but to validate that attack events are detected, correlated, and responded to in a way that meets their security requirements.

In search of a continuous testing process

The clients wanted to implement continuous testing that leads to rapid improvement of their detection and response safeguards. In the past, they used red team testing, which took many months to show results. Retesting required a huge effort and commitment from the organization, and the findings were usually left waiting for the next annual test.

They also wanted their defense team to work closely with the testers. Our job was to make sure the clients knew what the test results meant, what to do next, and how to make their defense team even better. This further justified moving toward continuous purple team testing.

We delivered

A service for continuous improvement of security posture

We created a service for critical infrastructure companies and other organizations with high requirements for cyber security detection and response safeguards. With it, they finally gain insight into the quality of their MDR and EDR solutions and how well their SIEM correlation rules are set up.

Using our services, these companies can verify and improve their security posture in monthly increments. This is a major improvement compared to one-off Red Team exercises. The benefits from our work are available almost instantly, and the time from testing to improvement matches the pace the companies need in order to stay protected. Close co-operation with the clients grows the professional skills of their security teams and helps locate security gaps faster.

Technologies and methods

Targeted attack scenarios

We create targeted attack scenarios that we run in our clients’ environments and against their applications. Each scenario consists of multiple test cases that cover the whole life cycle of a cyber attack. The objective of a scenario is to reach target data or system functions that are defined together with the client companies as flags. Defining the scenarios in this way also allows for easy retesting of improved defences, validating the work of the Blue Team.

Monthly walkthroughs

A key activity in our service is the monthly walkthrough with the Blue Team. This ensures that our testing activities are turned into knowledge that the security and operations teams can use to improve their detection and response.

Dynamic dashboard

As a true Purple Team experience, the clients get full visibility through a dynamic dashboard. It includes all the performed tests and an analysis of how the detection technologies and the Blue Team fared, as well as the metrics agreed together with the clients.

Mapping to MITRE ATT&CK

All the attacks we create and all the results we report are mapped to the MITRE ATT&CK framework, the industry standard for describing adversary techniques. As coverage of the framework is extended over time, confidence in continuous improvement also increases.
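To make the "Targeted attack scenarios", "Dynamic dashboard" and "Mapping to MITRE ATT&CK" sections above concrete, here is an added example of how such purple-team results can be recorded and scored. This is illustrative code written for this page, not Fraktal's dashboard or tooling, and it makes its own assumptions: each test case is a step in a scenario, tagged with a real ATT&CK technique ID and the tactic it is exercised under; outcomes are scored on an ordered scale (missed, logged, alerted, responded); a flag counts as reached unless the Blue Team responded to some step before the last one; and two monthly runs are compared step by step to surface regressions as well as improvements. The scenario name, the step results and the timings are constructed sample data.

```python
"""Purple-team result tracker: ATT&CK-mapped test cases, coverage per tactic,
flag status per scenario, and month-over-month regression check.
Illustrative example; all sample data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Outcome(IntEnum):
    """Ordered so that a higher value is a better defensive result."""
    MISSED = 0      # no telemetry, no alert
    LOGGED = 1      # telemetry reached the SIEM but no rule fired
    ALERTED = 2     # EDR/SIEM alert raised
    RESPONDED = 3   # Blue Team triaged and contained the step


@dataclass(frozen=True)
class TestCase:
    scenario: str          # attack scenario the step belongs to (hypothetical name)
    step: int              # order within the attack chain
    technique: str         # MITRE ATT&CK technique ID (real IDs)
    tactic: str            # ATT&CK tactic the technique is exercised under
    outcome: Outcome
    minutes_to_alert: Optional[int] = None  # meaningful only when ALERTED or better


def key(tc: TestCase) -> tuple:
    """Identity of a test case across monthly runs."""
    return (tc.scenario, tc.step, tc.technique)


def coverage_by_tactic(run):
    """Fraction of test cases per tactic that produced at least an alert."""
    hit, total = defaultdict(int), defaultdict(int)
    for tc in run:
        total[tc.tactic] += 1
        if tc.outcome >= Outcome.ALERTED:
            hit[tc.tactic] += 1
    return {t: hit[t] / total[t] for t in total}


def flag_reached(run, scenario):
    """The attacker reaches the flag unless some step before the last one
    was RESPONDED (the chain was contained in time)."""
    steps = sorted((tc for tc in run if tc.scenario == scenario), key=lambda t: t.step)
    return not any(tc.outcome == Outcome.RESPONDED for tc in steps[:-1])


def diff_runs(previous, current):
    """Compare two monthly runs of the same scenarios.
    Returns (regressions, improvements) as lists of test-case keys;
    test cases present in only one run are ignored."""
    prev = {key(tc): tc.outcome for tc in previous}
    regressions, improvements = [], []
    for tc in current:
        k = key(tc)
        if k not in prev:
            continue
        if tc.outcome < prev[k]:
            regressions.append(k)
        elif tc.outcome > prev[k]:
            improvements.append(k)
    return regressions, improvements


def mean_minutes_to_alert(run):
    """Average time to alert over the steps that were alerted on; None if none were."""
    times = [tc.minutes_to_alert for tc in run
             if tc.outcome >= Outcome.ALERTED and tc.minutes_to_alert is not None]
    return sum(times) / len(times) if times else None


# Constructed sample: one phishing-to-ransomware scenario, run in two consecutive months.
MONTH_1 = [
    TestCase("S1", 1, "T1566.001", "Initial Access", Outcome.ALERTED, 12),
    TestCase("S1", 2, "T1059.001", "Execution", Outcome.LOGGED),
    TestCase("S1", 3, "T1003.001", "Credential Access", Outcome.MISSED),
    TestCase("S1", 4, "T1021.001", "Lateral Movement", Outcome.LOGGED),
    TestCase("S1", 5, "T1486", "Impact", Outcome.ALERTED, 40),
]
# Month 2: two correlation rules were added after the walkthrough, but the
# ransomware detection silently stopped firing (a regression worth catching).
MONTH_2 = [
    TestCase("S1", 1, "T1566.001", "Initial Access", Outcome.ALERTED, 10),
    TestCase("S1", 2, "T1059.001", "Execution", Outcome.ALERTED, 5),
    TestCase("S1", 3, "T1003.001", "Credential Access", Outcome.RESPONDED, 8),
    TestCase("S1", 4, "T1021.001", "Lateral Movement", Outcome.LOGGED),
    TestCase("S1", 5, "T1486", "Impact", Outcome.LOGGED),
]

if __name__ == "__main__":
    for name, run in (("month 1", MONTH_1), ("month 2", MONTH_2)):
        print(name, coverage_by_tactic(run), "flag reached:", flag_reached(run, "S1"))
    print("regressions / improvements:", diff_runs(MONTH_1, MONTH_2))
```

The point of the ordered outcome scale is that "logged but not alerted" and "alerted but not acted on" are different gaps with different owners (SIEM rule authors versus the SOC process), and the month-over-month diff is what turns a one-off test into the continuous loop the service describes: an improvement in one tactic does not hide a regression in another.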