Tabletop exercises are simulated emergency situations, and are held to gather (and train) policy level personnel. Usually tabletop exercises are planned in an informal, low stress environment to enable first responders and subsequent affected roles to be thoroughly defined.
Ultimately tabletop exercises help organizations improve action plans, policies, and procedures toward mitigating future threats.
The existing mainstream cybersecurity market for defensive software (and hardware) has been keeping defenders at a disadvantage due to their lack of proactiveness. Blue Teams mainly respond to threats, as opposed to proactively testing solution effectiveness to stop threats from happening in the first place.
Attack simulation exercises combined with gamelike scenarios allow organizations to create advanced tabletop exercises. Until Threatcare released the Violet platform there wasn’t a product to allow enterprise networks to run comprehensive gap assessments on production networks.
Advancements within vulnerability management tools and security controls solutions have streamlined automation for detection and mitigation processes for enterprise networks. Because intruders often initiate malicious behavior on production environments, security operation control (SOC) management and incident response (IR) teams can greatly benefit from a lightweight, low processing solution — especially one that imitates malicious behavior, and operates on test and production networks.
Without the capability to reproduce malicious behavior, security teams are forced to leave current mitigated controls up to chance against future threats. To combat this, Blue Teams currently hold bi-weekly to monthly advanced tabletop exercises to help with prioritizing vulnerable tools and filling gaps, while Red Teams hold advanced tabletop exercises to help with automating the intrusion reconstruction process while validating external and internal defense in depth operations.
Recreating and tracking malicious behavior can be time consuming, but is an invaluable approach to help improve an organization’s Mean Time To Detection (MTTD) and Mean Time To Response (MTTR) baseline metrics. For this reason organizations choose the Violet Platform to improve cybersecurity personnel familiarity toward real-world attacks.