DATA SHEET

Purple Team Assessment
Coach your security team to improve detection and response to realistic attack scenarios

Why FireEye Mandiant
FireEye Mandiant has been at the forefront of cyber security and cyber threat intelligence since 2004. Our incident responders are on the frontlines of the most complex breaches worldwide. We have a deep understanding of both existing and emerging threat actors, as well as their rapidly changing tools, tactics and procedures.

BENEFITS
• Prepare your security team for real-world cyber incidents, without real risk or business impact
• Assess and enhance your security team’s ability to prevent, detect and respond to real attack scenarios in a controlled, realistic environment
• Test and tune technical defenses to increase breach detection and response effectiveness
• Align with the MITRE ATT&CK framework
• Identify gaps in your active and passive security controls
• Improve your organization’s ability to respond to future incidents

Service Overview
The FireEye Mandiant Purple Team Assessment evaluates your security organization’s ability to prevent, detect and respond to attack scenarios, using the latest threat intelligence and the FireEye Verodin Security Instrumentation Platform (SIP). The purple team focuses on highly realistic scenarios relevant to your industry. To expose shortcomings in your current technology stack, the purple team does not assume that your security operations work as intended. Unlike adversarial penetration testing, which is designed to identify misconfigurations or unpatched systems in your network infrastructure, the Purple Team Assessment incorporating Verodin is a collaborative assessment that provides quantifiable evidence of security effectiveness. A Purple Team Assessment is recommended for organizations that want to test and develop the ability of their security team, processes and technology to detect, prevent and respond to targeted attacks across all phases of the attack lifecycle.
Our Approach
The purple team begins by analyzing intelligence to determine the data breaches and threat groups most active in your industry vertical. They then create Verodin SIP scenarios to emulate the tools, tactics and procedures (TTPs) used by those groups. They use those TTPs to test your security team’s ability to detect and respond to industry-relevant threats in realistic scenarios.

The Purple Team Assessment consists of multiple step-by-step, scenario-based exercises to test your team’s performance in each phase of the attack lifecycle.

Figure 1. The Mandiant purple team tests the client security team’s capabilities (prevent, detect, respond) against every phase of the attack lifecycle. The attack lifecycle phases, with the MITRE ATT&CK tactics mapped against each in the order they appear in the figure:
• Initial Reconnaissance: Initial Access
• Initial Compromise: Initial Access, Execution, Defense Evasion
• Establish Foothold: Execution, Persistence, Defense Evasion
• Escalate Privilege: Privilege Escalation, Credential Access
• Internal Reconnaissance: Discovery, Collection, Defense Evasion
• Move Laterally: Persistence, Command and Control, Defense Evasion
• Maintain Presence: Credential Access, Lateral Movement, Defense Evasion
• Complete Mission: Exfiltration, Impact

Your security team works directly with a FireEye Mandiant incident response consultant and red team consultant at each phase to participate in the exercise and attempt to detect scenario activities. If malicious activity is detected, the purple team works with your security team to ensure an appropriate response to the detected activity and the existence of procedures to ensure continued success. If the malicious activity is not detected, our consultants work with your security team on how to better use existing logging, monitoring and alerting detection technologies during the next simulation attempt. They may also identify areas for technological improvement.
Engagement Timeline and Deliverables
A Purple Team Assessment generally takes a total of three weeks to complete: two weeks for testing, and one week to assemble and deliver a report.

DELIVERABLES
Detailed report that includes:
• A scorecard containing metrics related to detection of the simulated incidents
• Executive summary
• Walkthrough of technical details and capability evaluation with step-by-step instructions on how to recreate our findings
• Evidence-supported findings and remediation strategies
• Strategic recommendations for long-term operatio