NetFACTS is a combined network-based assurance and assessment service, designed to measure the collective efficacy of deployed security controls across IT systems, infrastructure or an entire estate.
NetFACTS exception reports provide evidence of real events and actual incidents; covering sophisticated attack detection - including infiltration and exfiltration incidents, corporate or third party security policy violations and specific compliance non-conformities
How NetFACTS works
Traditional technical assurance services, such as penetration testing and configuration audits, are intended to exhaustively identify all possible vulnerabilities, weaknesses and exposures within an autonomous scope based on perceived and often unquantified threats without consideration of business context and the organisation's risk profile.
Whilst penetration testing is an essential part of most technical assurance programmes, a collective measurement from NetFACTS provides a complementary and pragmatic view of security performance in a much wider context, reporting on actual security events and incidents. NetFACTS provides a prioritised approach to risk management and within security maturity models, by assisting with targeted treatment planning, whether through the application of technical changes or updates to policies, procedures and standards.
NetFACTS can measure both the general health and security posture of an organisation at network level as well as the effectiveness of existing security controls, and can be integrated as a security KPI.