The organization needed a global assessment to report to executive management concerning the current state of the security posture and spending activities after recent changes in leadership and management structure.
As the organization’s security posture had significantly improved over the last several years (with tremendous effort and cost), they found themselves receiving the same general recommendations and maturity scores, keeping their security efforts stagnant with no clear path for improvement. This is because traditional program assessments take an inside-out approach by looking at an organization’s policies, procedures, technology, and vulnerabilities to identify areas for improvement, thus only looking at security from one particular angle.
A global company was looking for cutting-edge insights over and above traditional security assessments. While there is tremendous value in security program maturity reviews and penetration testing activities, reviewing the range of adversary tactics and techniques helped develop more robust analytics, increased tool coverage, saved money, and allowed the organization to better detect and respond to adversary behaviors.