
Detecting Security Gaps: Hands-On or Hands-Off

MITRE ATT&CK is gradually becoming the de facto tool for analysing and mapping attacker behaviour.

In general, there are two methods for detecting security gaps.

  • The first approach is a hands-on strategy: you execute a technique and check whether your defences detected it.
  • The second approach is a hands-off strategy that involves oversight and analysis rather than execution. – This is where you analyze using your tools.

In the analysis stage, the processes, procedures, and analytics are all reviewed by hand, and they are typically mapped to a framework (for example, the MITRE ATT&CK framework).

A hands-on method is good because it lets you get very specific: you execute a technique and observe whether it was detected. This gives a high level of assurance about whether you would actually notice the technique. The trade-off is that a hands-on assessment is often time-consuming and intrusive.

Hands-off assessments (i.e., analysis), on the other hand, fall somewhere in the middle because they require a variable time investment; they aren’t necessarily as time-consuming as a hands-on assessment, but it all depends on the breadth of the assessment you’re running.

In general, if you’re doing a smaller scope exercise with pinpoint precision, a hands-on evaluation is ideal for analytic refinement. It is suggested that you adopt a hands-off assessment if you’re performing a larger-scale activity.
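The two approaches produce different kinds of evidence, and the useful gap report combines them: the hands-off pass tells you which in-scope ATT&CK techniques have an analytic mapped to them at all, while the hands-on pass tells you whether those analytics actually fired. The following script is an added example, not code from the original post; the technique IDs are real ATT&CK identifiers chosen as sample scope, and the analytic names, mappings and test outcomes are constructed for illustration.

```python
"""Added example: combine a hands-off (mapping-based) and a hands-on (test-based)
gap analysis over ATT&CK technique IDs. All inventory and test data below is
constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed: techniques in scope for this assessment (real ATT&CK IDs used as examples).
SCOPE: Dict[str, str] = {
    "T1566": "Phishing",
    "T1059": "Command and Scripting Interpreter",
    "T1003": "OS Credential Dumping",
    "T1021": "Remote Services",
    "T1078": "Valid Accounts",
    "T1047": "Windows Management Instrumentation",
}


@dataclass
class Analytic:
    """One detection rule and the techniques it claims to cover."""
    name: str
    techniques: Set[str]
    enabled: bool = True


# Constructed: analytic inventory with its ATT&CK mappings (the hands-off input).
ANALYTICS: List[Analytic] = [
    Analytic("suspicious-powershell-encoded-cmd", {"T1059"}),
    Analytic("lsass-memory-access", {"T1003"}),
    Analytic("mail-attachment-macro", {"T1566"}, enabled=False),  # mapped but switched off
    Analytic("lateral-rdp-from-workstation", {"T1021"}),
]

# Constructed: outcome of hands-on tests, technique -> whether an alert fired.
TEST_RESULTS: Dict[str, bool] = {
    "T1059": True,
    "T1003": False,  # analytic exists and is enabled, but did not fire during the test
    "T1021": True,
}


def claimed_coverage(analytics: List[Analytic], scope: Dict[str, str]) -> Set[str]:
    """Hands-off view: techniques with at least one enabled analytic mapped to them."""
    covered: Set[str] = set()
    for a in analytics:
        if a.enabled:
            covered |= a.techniques & set(scope)
    return covered


def validated_coverage(results: Dict[str, bool], scope: Dict[str, str]) -> Set[str]:
    """Hands-on view: in-scope techniques where a test was run and an alert fired."""
    return {t for t, fired in results.items() if fired and t in scope}


def gap_report(analytics: List[Analytic], results: Dict[str, bool],
               scope: Dict[str, str]) -> Dict[str, List[str]]:
    """Split the scope into the buckets a practitioner acts on differently."""
    claimed = claimed_coverage(analytics, scope)
    validated = validated_coverage(results, scope)
    tested = {t for t in results if t in scope}
    return {
        # No enabled analytic at all: a pure engineering gap.
        "no_analytic": sorted(set(scope) - claimed),
        # Mapping says covered, but the hands-on test produced no alert: the dangerous false sense of coverage.
        "claimed_but_failed": sorted((claimed & tested) - validated),
        # Mapped but never exercised: coverage is only on paper until tested.
        "claimed_untested": sorted(claimed - tested),
        "validated": sorted(validated),
    }


def coverage_percent(covered: Set[str], scope: Dict[str, str]) -> float:
    """Share of in-scope techniques in the given covered set."""
    return round(100.0 * len(covered & set(scope)) / len(scope), 1) if scope else 0.0


if __name__ == "__main__":
    report = gap_report(ANALYTICS, TEST_RESULTS, SCOPE)
    for bucket, techniques in report.items():
        names = [f"{t} ({SCOPE[t]})" for t in techniques]
        print(f"{bucket:>20}: {', '.join(names) or '-'}")
    print(f"claimed coverage:   {coverage_percent(claimed_coverage(ANALYTICS, SCOPE), SCOPE)}%")
    print(f"validated coverage: {coverage_percent(validated_coverage(TEST_RESULTS, SCOPE), SCOPE)}%")
```

On the constructed data the hands-off view reports three of six techniques covered, but the hands-on results shrink that to two: the credential-dumping analytic is mapped and enabled yet never fired, which is exactly the gap a mapping-only review cannot see. The `claimed_untested` bucket is where a broad hands-off exercise hands off to a narrowly scoped hands-on one.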
