Mandiant Security Validation (MSV) is an automated and continuous approach to testing the efficacy of an organization's security controls against cyber threats. Security Validation is informed by timely threat intelligence and executes automated and continuous testing of security controls with the use of real attacks.
Effective security requires more than just implementing controls. Understanding their real-world effectiveness is crucial for protecting your organization from cyber threats. Mandiant Security Validation tackles this challenge by providing a comprehensive solution to test and evaluate your security posture.
Reactive Testing allows you to assess your security posture as it relates to recent events that may have occurred in your environment. Findings from any incident response can be used to create custom actions within MSV. These custom actions can then be used to validate your security controls are able to prevent, detect, and alert against these indicators in the future. The Validation Research Team (VRT) also creates headline content from incidents and vulnerabilities. Released content can be found here on the documentation portal.
Implementing Reactive Testing
You should use the Action Library first to ensure MSV doesn't already have the action you're looking for before creating a custom action. We've included some guidelines below to help you create your own reactive testing actions and evaluation.
As opposed to baseline testing where evaluations are scheduled on a recurring basis (weekly, monthly, quarterly), reactive testing should be done until the actions are remediated. As these actions typically represent an incident that has occurred in your environment, identifying gaps and remediation steps are critical.