Advisory Financial Services Client Story

Identifying Gaps Within a Security Program

A financial services Client wanted to validate various improvements and identify remaining gaps within their security program.

USA
Financial Services

Practice Areas
  • Red Team / Blue Team / Purple Team Exercises


Our Client’s Challenge:

  • Security information and event management (SIEM) infrastructure elements were in place; however, the coverage and the ability to manage alerts were unknown. For example, malicious activities and attacks may not have been adequately caught by the current SIEM configuration, as its effectiveness had yet to be tested.
  • Our Client had a need to understand the potential gaps between what is discovered by a red team (attacks), and what is detected and observed by a blue team (defence).

Our Approach:

  • Security Compass held planning meetings with our Client to understand the current landscape and business needs for the existing SIEM solution. This helped to drive specific scenarios where the red team could build and target specific attacks to test the SIEM monitoring and blue team responsiveness.
  • Working with our Client, we developed test cases for each scenario where detection of a threat should occur. This would help the blue team identify whether their SIEM solution was configured correctly, as they should be able to detect the red team’s attack and respond to it.
  • Together with members of the Client's blue team, we coordinated the red team attacks to assess the effectiveness of the SIEM solution and the detection of potential attacks.

The Result:

  • Having invested heavily in software and tools to help monitor and respond to security attacks, our Client was able to conclude which of their security enhancements were effective, and which were not, in detecting and responding to threats.
  • Security Compass helped to identify weaknesses and gaps in our Client’s SIEM platform and provided strategic recommendations to optimize threat detection and response processes for the blue team.
  • This red team vs. blue team exercise helped our Client validate the investment made over the years to improve their response capability to attacks and their overall security posture.

Our Client was able to test the effectiveness of their security program in real time via a red team vs. blue team engagement.
