Alerting on security events and acting on those alerts are core functions of a security team. At Below∅Day we offer a unique package in which we work with your security team to facilitate red team/blue team testing. This type of test lets us evaluate your organization’s defenses and alerting capabilities, as well as your policies and procedures for responding appropriately to those events.
Our goal in this type of test is to actually trigger the alerts that are in place, observe how they are handled, and track the time to resolution. We also want to find out which alerts or defenses are not in place and help get those documented and put into production.
Follow-up testing should be scheduled after every significant change to your systems or network.