Ensuring high performance of cyber attack detection and response solutions
The cyber security landscape is constantly evolving, and even the most effective SIEM, EDR and MDR solutions are not infallible. We work with companies in critical infrastructure services to ensure that their detection and response technologies and processes meet the high security demands of the industry.
Elisa, a Finnish market leader in telecommunications and digital services, has a sophisticated Cyber Security and Service Operations Center (cSOC) working 24/7 to identify, investigate and react to security incidents. The cSOC team partnered with Fraktal to validate that Elisa has sufficient means to detect and respond to attacks.
In search of a continuous improvement process
Elisa’s security team was looking to develop their operations and implement a continuous testing process. The new process was expected to bring immediate results and lead to rapid improvement of their detection and response safeguards. Elisa wanted a true and modern purple team experience, with the attackers working together with the defenders in close, continuous collaboration.
This case study describes Elisa’s and Fraktal’s partnership and how the selected methodologies have improved Elisa’s security operations.
In the words of Teemu Mäkelä, Elisa’s CISO:
“We wanted a long-term co-operation with a partner that is ready to commit to a journey with us. Instead of one-time penetration testing assignments and red teaming exercises where you get a list of deficiencies to work with, we wanted to see improvements already taken. The purple teaming model is a perfect fit for us, blue team and red team working together bringing results, fast.
One of the other reasons why we chose Fraktal as our partner is their understanding and expertise in our industry.”
Continuous detection and response testing
Fraktal uses a continuous and collaborative approach to test targeted attack scenarios in Elisa’s environment. With Fraktal’s service, Elisa’s cSOC can verify and improve their security posture in monthly increments. This ensures that the maturity of the current controls can be continuously validated. The team can implement improvements in a controlled manner and trust that their cyber defense is always up to date.
Fraktal’s team also ensures the security of new technologies and operations, such as 5G. As the 5G core is cloud-native and API-based like other modern technologies, Fraktal’s testing model is well suited to validate the security of 5G networks.
A true partnership for first-class cyber security
Fraktal experts have integrated into Elisa’s Cyber Security and Service Operations Center to get the best results. Fraktal’s expertise in the latest attack scenarios and technologies helps keep Elisa’s team on top of the threat landscape. Full visibility into Elisa’s environment helps Fraktal spot specific areas to investigate and improve. What started as delivering a service turned into a deep partnership.
Development of cSOC capabilities
Lately, Fraktal’s experts have also started to work as part of Elisa’s Cyber Security Operations team to help build new detection capabilities and log source integrations in Elisa’s environment. Working closely together gives Fraktal invaluable insights for building better tools for Elisa. This tight co-operation also strengthens Elisa’s security team and helps them locate and fix security gaps even faster.
Targeted attack scenarios
We run targeted attack scenarios in Elisa’s environment and against their applications. The scenarios comprise multiple test cases that cover the whole life cycle of a typical cyber attack. The objective of the scenarios is to reach target data or system functions as defined together with Elisa’s team. Creating new relevant scenarios also allows retesting the improved defenses and validating the work of Elisa’s internal team (the blue team).
Monthly walkthroughs with the blue team are a key activity in our service. This ensures that our testing activities are transferred into knowledge that Elisa’s cSOC team can use to improve their detection and response.
As a true collaborative and cross-team experience, Elisa gets full visibility into Fraktal’s work through a dynamic dashboard. It includes all the performed tests and analysis of how the detection technologies and the blue team fared, as well as metrics set up together with Elisa.
Mapping to MITRE ATT&CK
All our attacks and results are mapped to the industry standard framework. As the coverage is extended over time, confidence in continuous improvement also increases. This mapping provides an essential understanding of the benefits gained from improvements and a bird’s eye view of the attack paths that are now under control.