In general, there are two methods for detecting security gaps.
- The first approach is a hands-on approach, such as penetration testing, red teaming, or adversary emulation, in which you perform the techniques in your environment and then record whether or not you detect them.
- The second approach is a hands-off strategy that involves simple oversight and analysis rather than implementation. – This is where you analyze using your tools.
In analysing stage, the processes, procedures, and analytics are all carried out by hand, and they are typically mapped to a framework [For example, Mitre ATT&CK Framework].
A hands-on method is good because it lets you get very specific. You can do a technique and see if it worked or not by doing it and seeing if it worked. This provides us a high level of assurance that you might notice the method. A hands-on assessment is often time-consuming and intrusive.
Hands-off assessments (i.e., Analysis), on the other hand, fall somewhere in the middle because they frequently require a variable time investment; it isn’t necessarily as time-consuming as a hands-on assessment, but it all depends on the breadth of the assessment you’re running.
In general, if you’re doing a smaller scope exercise with pinpoint precision, a hands-on evaluation is ideal for analytic refinement. It is suggested that you adopt a hands-off assessment if you’re performing a larger-scale activity.