External Evaluation Readiness
Preparacion Gartner, Forrester y MITRE ATT&CK
Scorecards, matriz ATT&CK, brechas tecnicas y evidencias para evaluaciones independientes, analistas y pruebas de laboratorio.
72% readiness
MITRE ATT&CK Evaluations Readiness
Medir deteccion contextual, proteccion, contencion y evidencias por tecnica.
Technique-level ATT&CK mapping
implemented · Eventos e incidentes almacenan tacticas MITRE y matriz de cobertura.
82%
Agregar IDs tecnicos ATT&CK normalizados por regla.
Detection quality and context
implemented · Correlaciona email, endpoint, identity, cloud y firewall en incidentes.
78%
Agregar explicabilidad por sensor, query y evidencia cruda.
Protection and containment
implemented · Acciones remotas: aislar host, kill process, cuarentena y forense ligero.
74%
Conectar agente firmado y canal mTLS para ejecucion real.
Evaluation evidence package
planned · Documentacion y endpoints base disponibles.
55%
Exportar paquete JSON/CSV/PDF con timeline, screenshots y SoA.
71% readiness
Forrester XDR Wave Readiness
Demostrar XDR operativo: multiples fuentes, UX SOC, automatizacion y outcomes.
Native multi-source correlation
implemented · Fuentes: endpoint, email, firewall, proxy, WAF, identity, cloud y TI.
80%
Agregar conectores reales M365, Google Workspace, Entra ID, Okta y cloud.
SOC analyst experience
implemented · Consola unificada con incidentes, timeline, cobertura, filtros y activos.
76%
Agregar search DSL, notebooks de hunting y grafo de entidades.
Automation and response orchestration
implemented · Playbooks y acciones remotas auditables.
70%
Integrar Jira, ServiceNow, Slack/Teams y SOAR webhooks.
Measured outcomes
planned · KPIs operativos iniciales: cobertura, riesgo, incidentes y cumplimiento.
58%
Agregar MTTD, MTTR, precision, false-positive rate y SLA burn-down.
70% readiness
Gartner EPP/EDR/XDR Readiness
Evidenciar proteccion endpoint, operacion enterprise, gestion y viabilidad.
Endpoint protection depth
implemented · Telemetria endpoint, deteccion ransomware, procesos, red, archivos y drivers.
72%
Agregar motor preventivo en agente, rollback y anti-tamper.
Enterprise manageability
implemented · Descarga de agente, despliegue por GPO/Intune/SCCM/MDM y politicas por grupo.
79%
Agregar inventario de politicas, version rings y health de agente.
Security and compliance
implemented · RBAC, MFA-ready, auditoria, documentacion ISO/PCI y Postgres.
77%
Agregar SSO/SAML/OIDC, SCIM y retencion configurable.
Market execution evidence
planned · Base tecnica y branding propietario Itinnovok.
50%
Preparar customer proof, SLAs, roadmap, pricing, support y TCO.
MITRE ATT&CK
Matriz priorizada
| Tactica | Tecnica | Cobertura | Senal |
|---|---|---|---|
| Initial Access | T1566.001 Spearphishing Attachment | Detect + correlate | email attachment reputation + endpoint child process |
| Execution | T1059 Command and Scripting Interpreter | Detect + respond | PowerShell encoded command and remote script controls |
| Credential Access | T1003 OS Credential Dumping | Detect planned | mimikatz/pypykatz process and LSASS access telemetry |
| Lateral Movement | T1021 Remote Services | Detect planned | identity + network + process correlation |
| Command and Control | T1071 Application Layer Protocol | Detect + enrich | periodic beaconing, suspicious ports and IP reputation |
| Exfiltration | T1041 Exfiltration Over C2 Channel | Detect planned | rclone/process + proxy/firewall egress anomaly |
| Impact | T1486 Data Encrypted for Impact | Detect + contain | mass file rename, ransomware extensions and isolate host action |
Evidence Room
Paquetes para evaluadores
ATT&CK technique coverage matrix
Detection quality workbook
Protection and containment proof pack
SOC operations and SLA report
Executive vendor-evaluation dossier