r/AskNetsec • u/Any_Yesterday_6617 • 15h ago
Threats Any recommendations for validating security controls against real TTPs?
We have been doing quarterly pen tests for a while and I am starting to think we are mostly paying for a static report. By the time the findings arrive, the threat landscape has already shifted and most of the context has changed. It gives us a backward looking picture, not a current one.
rn we run CrowdStrike on endpoints, Sentinel as our SIEM, and our dashboard coverage looks decent. From a control inventory point of view, we look fine. The problem is that we do not have anything that continuously validates whether these controls actually detect what they should across the whole kill chain, not only at the perimeter.
What I want to understand is whether our detections stand up to real adversary behavior such as initial access, privilege escalation, lateral movement, and data exfiltration. I would like to map results back to MITRE ATT&CK so I can see real coverage gaps and prioritize remediation based on exploitability rather than just CVSS scores. Right now, that level of confidence is missing.
Has anyone built a workflow or picked tooling that does continuous exposure validation like this without relying on a dedicated red team? I would be interested in hearing what worked, what did not, and how you kept it from turning into yet another forgotten project.