Security Control Validation is a form of Purple Teaming that specializes in gap analysis to ensure the coverage and effectiveness of existing security solutions such as EDRS and DLP deployments. This presentation outlines an economical and cost-effective solution to validating security controls within an organization by leveraging open-source tools such as Atomic Red Team and Vectr. We will address considerations such as limited team members, methodologies to operationalize this deployment, and how this configuration can integrate with Security Operations to provide gap analysis against existing security controls. As organizations contend with increasing economic restrictions, this solution seeks to demonstrate a repeatable and measurable methodology to create and maintain security control validation operations.
