Part 2 - Evaluating Security Stack Resilience against Attack use cases - a suggested framework

This post is a continuation of Part 1 - Evaluating Security Stack Resilience against Attack use cases - a suggested framework.

The following images show some of the use cases (or playbooks) that demonstrate how Mandiant Security Validation (MSV) can be used to assess and improve the effectiveness of an organization's security controls. Note: the full list does not fit in this post; if you want it, please DM me.

[Image: MFT_CNC.JPG] Network Security Stack use cases

[Image: Endpoint.JPG] Endpoint Security Stack use cases

Each use case is structured around a specific objective, the applicable security controls, its prerequisites, and the source and destination actors for the scenario. Each also explains how to filter MSV content to find the actions that need to be executed. Although the use cases were written with MSV in mind, they work equally well as a guide for evaluating security controls manually or with another security validation platform.

Here's a simplified overview of the fields in each use case:

  • Objective: The specific goal of the use case, such as validating the detection capabilities of a control or confirming that the network prevents a particular type of attack.
  • Security Controls: The security controls exercised by the use case, for example firewalls, intrusion detection systems (IDS), or endpoint protection platforms.
  • Prerequisites: The conditions that must be in place before the use case can be run, such as device configurations, specific settings on security controls, or the presence of certain types of network traffic.
  • Source and Destination: The endpoints (actors) from which each action originates and to which it is sent, i.e. which endpoint plays the victim and which the attacker for that use case.
  • Filtering MSV Content: Guidance on how to select and filter Mandiant Security Validation content so that the actions executed match the use case.
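The fields above are enough to drive a validation run on any platform, or by hand. The following example is added here to show that; it is not MSV code or content, and the action IDs, tags, actor names, prerequisite names and outcomes are all constructed for illustration. It models a use case, filters a small constructed content catalog by tag and actor role (the "filter content" step), checks prerequisites, and scores the recorded outcomes per control so a gap shows up as a number rather than an impression.

```python
"""Platform-agnostic model of a security-validation use case.

Added example, not MSV code: the catalog, tags, actor names and outcomes are
constructed and do not correspond to real MSV content or identifiers.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Action:
    """One test action in a validation content library (constructed)."""
    action_id: str
    name: str
    tags: frozenset   # e.g. {"network", "c2", "http"}
    source: str       # actor role that originates the traffic
    destination: str  # actor role that receives it


@dataclass
class UseCase:
    """Structured use case: objective, controls, prerequisites, actors, filter."""
    objective: str
    controls: list
    prerequisites: list
    source: str
    destination: str
    required_tags: frozenset = field(default_factory=frozenset)


# Constructed content catalog standing in for a validation platform's library.
CATALOG = [
    Action("A-001", "HTTP beacon to external C2",
           frozenset({"network", "c2", "http"}), "internal_actor", "external_actor"),
    Action("A-002", "DNS tunnelling beacon",
           frozenset({"network", "c2", "dns"}), "internal_actor", "external_actor"),
    Action("A-003", "Malicious file download over HTTP",
           frozenset({"network", "malicious_file_transfer", "http"}), "external_actor", "internal_actor"),
    Action("A-004", "Credential dumping via LSASS access",
           frozenset({"endpoint", "credential_access"}), "internal_actor", "internal_actor"),
]


def select_actions(use_case, catalog):
    """Return catalog actions carrying every required tag and running between
    the use case's source and destination actors (the 'filter content' step)."""
    return [
        a for a in catalog
        if use_case.required_tags <= a.tags
        and a.source == use_case.source
        and a.destination == use_case.destination
    ]


def missing_prerequisites(use_case, environment):
    """Return the prerequisites not satisfied in the environment.

    environment is a constructed mapping of prerequisite name -> bool,
    e.g. {"proxy_in_path": True, "egress_logging_enabled": False}.
    """
    return [p for p in use_case.prerequisites if not environment.get(p, False)]


def score_results(results):
    """Summarise outcomes per control.

    results: list of (action_id, control, outcome) where outcome is one of
    'blocked', 'alerted', 'not_detected'. Returns {control: {outcome: count,
    'resilience': fraction of runs that were blocked or alerted}}.
    """
    summary = {}
    for _, control, outcome in results:
        counts = summary.setdefault(control, {"blocked": 0, "alerted": 0, "not_detected": 0})
        counts[outcome] += 1
    for counts in summary.values():
        total = counts["blocked"] + counts["alerted"] + counts["not_detected"]
        counts["resilience"] = (counts["blocked"] + counts["alerted"]) / total if total else 0.0
    return summary


# Constructed use case in the shape of the fields described above.
C2_USE_CASE = UseCase(
    objective="Validate that egress controls block or alert on outbound C2 beaconing",
    controls=["perimeter_firewall", "web_proxy", "ids"],
    prerequisites=["proxy_in_path", "egress_logging_enabled"],
    source="internal_actor",
    destination="external_actor",
    required_tags=frozenset({"network", "c2"}),
)

if __name__ == "__main__":
    env = {"proxy_in_path": True, "egress_logging_enabled": False}
    print("missing prerequisites:", missing_prerequisites(C2_USE_CASE, env))
    print("selected actions:", [a.action_id for a in select_actions(C2_USE_CASE, CATALOG)])
    # Constructed outcomes, as they would be recorded after the run.
    results = [
        ("A-001", "web_proxy", "blocked"),
        ("A-002", "web_proxy", "not_detected"),
        ("A-001", "ids", "alerted"),
        ("A-002", "ids", "not_detected"),
    ]
    print(score_results(results))
```

Refusing to run while prerequisites are missing matters: with egress logging disabled, a "not detected" result would say nothing about the control. Scoring blocked and alerted separately also keeps prevention and detection gaps distinguishable, which is what the objective field of each use case is asking about.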

While the full list gives detailed instructions for using MSV, the essence is that these use cases are structured, repeatable scenarios for testing and improving an organization's security posture. Each one exercises a specific part of the security stack, so that a control that fails to block or detect is identified and tuned rather than assumed to work.

 
