Challenge
A national telecom operator had invested heavily in security tooling but had minimal detection logic in place. Their SIEM collected logs from hundreds of sources but generated mostly noise. They needed a structured detection engineering program and a way to continuously validate its effectiveness.
Approach
Crimson7 designed a multi-phase detection maturity program:
- Phase 1: Data source audit and log quality assessment
- Phase 2: Detection rule development prioritized by threat intelligence
- Phase 3: Purple Rain deployment for continuous validation
- Phase 4: Knowledge transfer and ongoing optimization
The program was designed to build internal capability while delivering immediate security value.
Results
Within 12 weeks, the program delivered 180 production-ready detection rules, taking the telecom operator from no structured detections to a mature detection program. Continuous validation with Purple Rain measured a 92% detection effectiveness rate across the tested attack scenarios, and mean time to detect, which had no measured baseline before the program, fell to under 4 hours for those scenarios.