Security Validation

CISOs and their security teams are frequently confronted with this critical question. To confidently answer, “Yes,” an organization needs to understand the effectiveness of its security defenses and prevention capabilities ensure that these controls are as working as expected. Prevention starts with proactive threat intelligence on who or what may be targeting the organization and other organizations in similar industries or the same region. Organizations also need to continually run automated evaluations of those specific threats against their prevention security controls.

Security validation is an automated and continuous approach to testing the efficacy of an organization's security controls against cyber threats.

Security validation is distinctly different from attack simulation technologies. Security validation includes vast integrations with defensive technologies and attack execution across the the entire enterprise security environment. It is not limited to endpoint security controls. It uses real, active attack binaries to test the effectiveness of security controls. Attacks are emulated, not simulated or altered, and include full attack lifecycle visibility. In fact, altered attacks are frequently not recognized as threats by security controls and machine learning contributes further challenges when using simulated or fake attacks.

Security Validation is informed by timely threat intelligence and executes automated and continuous testing of security controls with the use of real attacks. Although there are different approaches to testing security effectiveness, the emulation of real attack behaviors and malware against an organization’s security controls and across the entire security stack enable the capture of quantifiable data on how security controls perform under attack. This approach to security validation provides visibility into gaps, misconfigurations and the ability to identify areas for improvement to continuously optimize security defenses against the most relevant threats.

Data captured by security validation enables security teams to identify gaps, misconfigurations, redundancies, lack of accurate SIEM correlation and alerting within a security program and opportunities for continuous optimization and measure of improvement over time.

Yes, there are certain security validation vendors that have the capability and architecture to safely test an organization’s ability to detect or prevent malware and ransomware attacks.

• Evidence of security effectiveness (security infrastructure health)
• Demonstrated value of security investments (spend rationalization)
• Quantitative reporting to executives and non-technical stakeholders
• Security framework assessments (MITRE ATT&CK Framework or NIST)
• Technology evaluations
• Operationalization of threat intelligence and threat actor assurance
• Advanced malware and ransomware defense validation
• Mergers and acquisitions
• Cloud controls validation

• Mandiant Advantage Security Validation. Cloud-based security validation offering delivered through the Mandiant Advantage SaaS platform.
• Validation as a service. Based on a customer’s desired business outcomes or specific threats, Mandiant offers continuous and automated validation and reporting solutions that use Mandiant validation technology, access to Mandiant experts and industry leading threat intelligence.