Put your breach detection and monitoring capabilities to the test

Our bespoke Detection Maturity Assessment makes sure they’re up to the job!

Protecting your reputation

Cyber resilience is paramount to survive in today’s data-driven economy, and various recent regulatory developments, such as the EU’s General Data Protection Regulation (GDPR), the network and information systems (NIS) Directive, or, for banks, Threat Intelligence-based Ethical Red Teaming (TIBER), among others continue to raise the bar.

But growing IT complexity and shorter time-to-market requirements make it more and more difficult to get security right. Security incidents, data breaches and even brief service outages are quickly picked up by (social) media and may lead to a loss of trust, and consequently reputational and financial damage.

Sure your business is safe?

Most companies have already invested in strengthening their preventive, monitoring and detection capabilities. But how can you be sure that your investments are paying off? While penetration tests can provide a view on how strong your preventive capabilities are, they only deliver a limited view on detection and monitoring capabilities, if any at all.

It’s actually very difficult to assess these capabilities, and solely measuring their outcome can be misleading. How can you be sure you’re safe if you didn’t detect anything? If you did detect an incident, are you sure it’s not a decoy and that you have not missed a more important, stealthier event? Are you confident that your third-party provider detects all events that really matter to you?

Determining your detection capabilities

Have you ever thought about testing the strength of your detection capabilities? According to the latest M-Trends report1 (FireEye), it takes about 101 days to detect a breach. In other words, it’s crucial to get a view on the design and effectiveness of your monitoring and detection capabilities. To do that, you could, for example, rely on your internal audit to review your monitoring infrastructure and processes.

You could even ask that they assess whether staff are appropriately skilled. However, as real detection requires having the right monitoring tools, the right processes and the right people it’s very difficult for this to be effectively measured with an audit.

A comprehensive process for a clear picture

That’s why we’ve developed our Detection Maturity Assessment (DMA), a process capable of measuring the design and effectiveness of your monitoring and detection capabilities, and identifying weak spots in terms of tooling, processes and people.

A DMA comprises two steps (see below) and is complementary to your current security activities.It can be applied to all your publicly available applications, web services, endpoints, systems and/or people.  

  1. Design review of your detection capabilities
    We’ll evaluate (via interview) the detection measures you have in place as well as how they’re managed and operated. This step mainly focuses on identifying key attention points in terms of the design (technical, process and team skills) of your detection capabilities.

  2. Technical evaluation of your detection capabilities
    We’ll assess the effectiveness of your detective security controls, processes and people (including those operated and/or managed third parties) by simulating malicious behaviour with increasing visibility. This will tell at what point your detection capabilities pick up potential malicious behaviour and act on it, and will identify blind spots where your tooling, processes or people weren’t able to pick anything up.

    We can also tailor our simulation to include specific security events that you want to see tested. The sooner your organisation can detect malicious behaviour, the higher your maturity level.

The first step can be executed in a standalone mode to help you identify and address key attention points. Once your design is considered adequate, we can go on to assess the technical side of your detection capabilities.

With our DMA, you’ll have comprehensive insight into the maturity of both the design and effectiveness of your detection and monitoring capabilities.

Get in touch with one of our specialists

 

Ingvar Van Droogenbroeck

Partner, Brussels, PwC Belgium

+32 047 738 1445

Email

Bart De Win

Director, Brussels, PwC Belgium

+32 47 946 7957

Email

Vito Rallo

Director, Brussels, PwC Belgium

+32 47 311 2830

Email

Follow PwC Belgium