Assessing Intrusion Detection

of the breaches we’ve analyzed can be described by just nine patterns.

On average, we monitor 61+ billion security events annually.

Learn how prepared your organization is to recognize and handle threats, so you can accelerate your intrusion detection capabilities and strengthen countermeasures.

An Attack Detection Assessment can measure your ability to quickly and efficiently recognize and respond to cyber attacks. The assessment can help you identify attacks with greater speed— helping you discover what’s happening and take action sooner in the early stages of an attack.

Close the cyber-attack detection gap

We can evaluate the cyber-attack detection technologies, systems, and incident handling processes you already have in place and provide meaningful and cost effective ways to help you:

• Improve intrusion detection processes.
• Put incident classification into better practice.
• Streamline the infusion of high fidelity cyber intelligence.
• Increase alerting and visualization capabilities.
• Limit dwell time and better set the stage for incident triage.

The assessment comprises six phases of engagement:

Phase 1: Defensive Countermeasures

Assessment of your defensive and threat-hunting capabilities, focusing on the selection, positioning, and configuration of technologies in place, including but not limited to firewalls, host and network-based intrusion detection, beacon identification and antivirus.

Phase 2: Raw Event Visibility

We measure your ability to see a clear, detailed picture of external, internal, and partner-related cyber-attacks. We look for gaps that limit your view of raw events, enabling them to go undetected.

Phase 3: Incident Classification

At the intersection of digital alert streams and human intervention, we evaluate how you classify incidents by risk or severity and the effectiveness of human and automated incident classification processes.

Phase 4: Intel Fusion

An analysis of the effectiveness of cyber intelligence combined with your incident handling processes. We assess intelligence sources, collection mechanisms, archive and retention platforms, vetting, and the overall blend of these tactics across log streams.

Phase 5: Visualization and Situational Awareness

We test your selection, deployment, configuration, and use of visualization tools to enable situational awareness and measure how those tools are applied to enhance existing infrastructure and process.

Phase 6: Incident Triage

We’ll review your process for handing off designated risky incidents to operational incident-handling or Computer Emergency Readiness Team (CERT) staff, in accordance with your incident response plan, and evaluate the effectiveness of the feedback loop into device tuning.

Once all six phases of the Attack Detection Assessment are complete, we immediately communicate any significant weaknesses or points of security exposure we discover. Next, we present a report of our findings and actionable recommendations to help you enhance your situational awareness of cyber-attacks in motion and benchmark current incident-handling capabilities against comparable organizations.

Learn more:

To find out how an Attack Detection Assessment can help improve your security incident handling and cyber defenses, contact your account manager or visit: verizonenterprise.com/products/security