# Maturity Model

## 5-stage threat detection & response maturity

| Level | Detection | Response | Offensive Testing |
|---|---|---|---|
| 1 - Initial | Ad-hoc alerts, no ATT&CK mapping | Manual processes | Annual penetration test |
| 2 - Developing | Basic ATT&CK coverage (<50%) | Playbooks for critical TTPs | Quarterly Red Team exercises |
| 3 - Defined | 70% ATT&CK coverage, automated alerts | SOC integrates threat intel | Monthly Purple Team collaboration |
| 4 - Measured | ≥90% coverage, MTTD <30 min | Automated containment for known TTPs | Continuous emulation + feedback |
| 5 - Optimizing | Predictive analytics (AI/ML) | Self-healing systems | Red Team emulates advanced APTs |
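The Detection column turns on two measurable thresholds (ATT&CK coverage and MTTD). The following script is an added example, not part of the page: it computes both from constructed sample data and maps them onto the levels above. It assumes definitions the page does not give: coverage is the share of in-scope techniques with at least one enabled rule mapped to them, and MTTD is the mean of (first alert minus first malicious activity) per incident.

```python
import math
from datetime import datetime
from statistics import mean

# Constructed sample: ATT&CK techniques the organisation has put in scope.
IN_SCOPE = {"T1059", "T1053", "T1003", "T1021", "T1071",
            "T1486", "T1566", "T1078", "T1105", "T1047"}

# Constructed sample: detection rules and the techniques each one maps to.
RULES = [
    {"name": "encoded_powershell", "techniques": ["T1059"], "enabled": True},
    {"name": "lsass_access", "techniques": ["T1003"], "enabled": True},
    {"name": "phishing_attachment", "techniques": ["T1566"], "enabled": True},
    {"name": "lateral_logon", "techniques": ["T1078", "T1021"], "enabled": True},
    {"name": "mass_file_rename", "techniques": ["T1486"], "enabled": False},  # disabled: no credit
    {"name": "beacon_http", "techniques": ["T1071"], "enabled": True},
    {"name": "tool_download", "techniques": ["T1105"], "enabled": True},
    {"name": "legacy_rule", "techniques": ["T9999"], "enabled": True},  # out of scope: no credit
]

# Constructed sample: first malicious activity and first alert per incident.
INCIDENTS = [
    {"started_at": datetime(2025, 5, 1, 8, 0), "detected_at": datetime(2025, 5, 1, 8, 25)},
    {"started_at": datetime(2025, 5, 3, 14, 10), "detected_at": datetime(2025, 5, 3, 15, 5)},
    {"started_at": datetime(2025, 5, 7, 2, 0), "detected_at": datetime(2025, 5, 7, 2, 10)},
]

def attack_coverage(rules, in_scope):
    """Share of in-scope techniques with at least one enabled rule mapped to them."""
    covered = {t for r in rules if r["enabled"] for t in r["techniques"]}
    return len(covered & in_scope) / len(in_scope)

def mttd_minutes(incidents):
    """Mean time to detect in minutes; infinite when no incident has been measured."""
    if not incidents:
        return math.inf
    return mean((i["detected_at"] - i["started_at"]).total_seconds() / 60 for i in incidents)

def detection_level(coverage, mttd):
    """Map the metrics onto the Detection column. Level 5 is a capability
    (predictive analytics), not a metric, so this score tops out at 4; the page
    leaves 50-70% coverage undefined, and it is treated as level 2 here."""
    if coverage >= 0.90 and mttd < 30:
        return 4
    if coverage >= 0.70:
        return 3
    if coverage > 0:
        return 2
    return 1  # no ATT&CK-mapped detections at all
```

With the sample data, `attack_coverage` returns 0.7 (the disabled and out-of-scope rules earn nothing) and `mttd_minutes` returns exactly 30.0, so `detection_level` lands on 3: the 30-minute MTTD target is strict, and a result of 30.0 does not meet it.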
Last update: 2025-05-12 12:50