External Evaluation Readiness

Preparacion Gartner, Forrester y MITRE ATT&CK

Scorecards, matriz ATT&CK, brechas tecnicas y evidencias para evaluaciones independientes, analistas y pruebas de laboratorio.

Readiness global 71% Meta 92%
Programas 3 MITRE, XDR Wave, EPP/EDR
ATT&CK tecnicas 7 cobertura priorizada
Exports 5 paquetes de evidencia

72% readiness

MITRE ATT&CK Evaluations Readiness

target 95%

Medir deteccion contextual, proteccion, contencion y evidencias por tecnica.

Technique-level ATT&CK mapping implemented · Eventos e incidentes almacenan tacticas MITRE y matriz de cobertura.
82% Agregar IDs tecnicos ATT&CK normalizados por regla.
Detection quality and context implemented · Correlaciona email, endpoint, identity, cloud y firewall en incidentes.
78% Agregar explicabilidad por sensor, query y evidencia cruda.
Protection and containment implemented · Acciones remotas: aislar host, kill process, cuarentena y forense ligero.
74% Conectar agente firmado y canal mTLS para ejecucion real.
Evaluation evidence package planned · Documentacion y endpoints base disponibles.
55% Exportar paquete JSON/CSV/PDF con timeline, screenshots y SoA.

71% readiness

Forrester XDR Wave Readiness

target 90%

Demostrar XDR operativo: multiples fuentes, UX SOC, automatizacion y outcomes.

Native multi-source correlation implemented · Fuentes: endpoint, email, firewall, proxy, WAF, identity, cloud y TI.
80% Agregar conectores reales M365, Google Workspace, Entra ID, Okta y cloud.
SOC analyst experience implemented · Consola unificada con incidentes, timeline, cobertura, filtros y activos.
76% Agregar search DSL, notebooks de hunting y grafo de entidades.
Automation and response orchestration implemented · Playbooks y acciones remotas auditables.
70% Integrar Jira, ServiceNow, Slack/Teams y SOAR webhooks.
Measured outcomes planned · KPIs operativos iniciales: cobertura, riesgo, incidentes y cumplimiento.
58% Agregar MTTD, MTTR, precision, false-positive rate y SLA burn-down.

70% readiness

Gartner EPP/EDR/XDR Readiness

target 90%

Evidenciar proteccion endpoint, operacion enterprise, gestion y viabilidad.

Endpoint protection depth implemented · Telemetria endpoint, deteccion ransomware, procesos, red, archivos y drivers.
72% Agregar motor preventivo en agente, rollback y anti-tamper.
Enterprise manageability implemented · Descarga de agente, despliegue por GPO/Intune/SCCM/MDM y politicas por grupo.
79% Agregar inventario de politicas, version rings y health de agente.
Security and compliance implemented · RBAC, MFA-ready, auditoria, documentacion ISO/PCI y Postgres.
77% Agregar SSO/SAML/OIDC, SCIM y retencion configurable.
Market execution evidence planned · Base tecnica y branding propietario Itinnovok.
50% Preparar customer proof, SLAs, roadmap, pricing, support y TCO.

MITRE ATT&CK

Matriz priorizada

technique-level
TacticaTecnicaCoberturaSenal
Initial Access T1566.001 Spearphishing Attachment Detect + correlate email attachment reputation + endpoint child process
Execution T1059 Command and Scripting Interpreter Detect + respond PowerShell encoded command and remote script controls
Credential Access T1003 OS Credential Dumping Detect planned mimikatz/pypykatz process and LSASS access telemetry
Lateral Movement T1021 Remote Services Detect planned identity + network + process correlation
Command and Control T1071 Application Layer Protocol Detect + enrich periodic beaconing, suspicious ports and IP reputation
Exfiltration T1041 Exfiltration Over C2 Channel Detect planned rclone/process + proxy/firewall egress anomaly
Impact T1486 Data Encrypted for Impact Detect + contain mass file rename, ransomware extensions and isolate host action

Evidence Room

Paquetes para evaluadores

ATT&CK technique coverage matrix Detection quality workbook Protection and containment proof pack SOC operations and SLA report Executive vendor-evaluation dossier