Through Nettitude’s technical threat intelligence gathering network, we gather real data on attackers’ Tactics, Techniques and Procedures (TTPs). As a consequence, we have first-hand visibility of what their behaviour looks like and what types of attack indicators they generate.
Nettitude is able to simulate these types of events through the generation of benign attack traffic. Some of the types of TTPs and attack indicators that are used include:
Passive and active reconnaissance activity
Web based attacks, with known TTPs
Social engineering and spear phishing attacks, with pre-determined malware and implants
Creation of services and accounts in key assets
Techniques used to build attack persistence
Detection of beaconing, command and control and data exfiltration traffic
Ability to differentiate traffic generated from different geographies, and TOR exit nodes
Ability to correlate multiple events across assets and geographies
Ability to forensically contain an incident
By identifying key threat actors and generating activities, events and traffic consistent with those attackers’ TTPs, Nettitude is able to build a highly customised assurance programme. This approach helps an organisation measure its detection and response capabilities. Where key events, activities or traffic patterns remain undetected, Nettitude provides pragmatic advice and guidance on how to bridge the gaps.
After conducting a Detection and Response Assessment (DARA) you will receive a point-in-time measurement of your technical cyber attack detection capability. This provides a graded comparison against your industry and against other similarly sized organisations. Nettitude can use this measurement, in conjunction with your cyber security goals, to build a robust detection and response strategy.