We're changing our name.
Verodin is now Mandiant Security Validation. Click here to learn more.

Security Validation Technology

The most customizable, versatile and integrative security validation platform.

Start validating cybersecurity effectiveness with evidence-based data, realize ROI from your cybersecurity strategy and measure against cybersecurity KPIs.

Request a Demo

Introduction to Security Validation

Meet your new end-to-end cybersecurity strategy and validation process.

The Security Instrumentation Platform (SIP) instruments IT environments at scale to test the effectiveness of network, endpoint, email and cloud controls. SIP continuously executes tests and analyzes the results to proactively alert on drift from a known-good baseline and validate control configuration. The end result is you are now equipped with evidence demonstrating if an environment’s controls are actually delivering the desired business outcomes

How it works:
01   Consultation

Schedule a meeting with a technical advisor and account consultant to learn more about your unique needs.

02   Evaluation

We will formulate an ideal combination of the main platform, additional modules, and actors.

03   License & Implementation

Licensing the Security Instrumentation Platform is straightforward and your director is available within weeks.

The Director

Your primary interface to validate all aspects of your Security Instrumentation Platform.

The Director can be thought of as the "central brain" of the Security Instrumentation Platform. The director is available as a SaaS platform (our cloud or yours), or as an on-premises solution in both virtual appliance and installable software formats.


250+ integrations with industry-leading technologies.

The Director seamlessly integrates with an organization’s defensive stack across network, endpoint, email and cloud controls. These integrations enable the director to continuously validate how effective controls are and where they are misconfigured.


Actors replicate realistic attacks across a range of type and sophistication.

Security Instrumentation Platform Actors perform tests in the production IT environment to validate and assess controls effectiveness. SIP actors come in four primary control types to ensure test safety and provide a granular, in-depth understanding of defense posture.

Primary Actor Categories
Network Controls

Network controls inspect network traffic and act as both the source and destination of a test, sending traffic between each other to see how the network control responds.

Email Controls

Email controls counter phishing, emails containing malware, and data leaving the production IT environment. Tests include Microsoft Exchange, Office 365, and others.

Endpoint Controls

Endpoint actors execute tests within a user context to measure access to resources, attempt privilege escalation, exfiltrate data and other behaviors across the Kill Chain.

Cloud Controls

Cloud actors test commonly deployed AWS and Azure controls. Virtual host and API options are available, depending on cloud platform and service being tested.

Effectiveness Validation Process (EVP)

Validate that your controls are working properly against threats as configured with detection, alert, miss, and prevention rates in real time

As the Director instructs Actors to run tests, it continuously validates by querying the controls in the environment to determine what they are seeing, which are blocking, what detection events are generated and if those events are properly formatted and make it through the network maze to their destination. Once at their destination - likely a SIEM, log management platform or analytics engine - the Director validates that the events are properly timestamped, correctly parsed, and if the correlation rules and threat models defined actually generate an alert.

Dashboards & Reports

Rest safely with an accurate understanding of your overall cybersecurity posture.

The Director analyzes the results of the tests run in the environment and provides reports designed to enable customers to measure and validate where their effectiveness is today, manage the dynamic environment and evolving threat landscape on a daily basis, and show improvement over time with real, evidence-based data.

Advanced Modules

Additional components applied with the Security Instrumentation Platform for enhanced security posture and special use-cases.

Threat Actor Assurance Module (TAAM)

Combine the latest threat intelligence from our partners with the Security Instrumentation Platform to automatically test defenses against ever-evolving threat actor behaviors, visualize results, and enable your business to achieve optimum protection.

Advanced Environmental Drift Analysis (AEDA)

AEDA performs automated and continuous analysis of this Effectiveness Validation Process (EVP) compared to the known-good baseline across a customer's business zones. AEDA constantly analyzes the environment for drift and proactively bringing it to your attention before it is too late.

Protected Theater

Protected Theater is not required for testing endpoint controls, but it offers the ability to safely perform potentially dangerous and destructive tests on customers' endpoint defenses with real malware to determine what threats their endpoint controls will and will not block.

Cloud Theater

Cloud Theater is a Verodin-hosted external actor that can be used for ingress and egress tests like malware download, C2 traffic and data exfiltration. Some organizations choose to host their own external Actors, while others use a mix of Cloud Theater and their own hosted Actors.


Have a question that hasn't been answered here? Get in touch with us today.

Does the Security Instrumentation Platform require integrations to work?

No. It does not require integrations to work. It can run tests and provide basic results without them. However, integrations are essential to providing evidence of the effectiveness of cybersecurity controls. Most organizations are leveraging as little as 25% of the prevention functionality of their controls due to misconfiguration, weak-out-of-the box configurations and environmental drift. The Security Instrumentation Platform's integrations enable it to provide the customer a prescriptive set of steps to quickly optimize those controls. Without this level of visibility, it is impossible to clearly understand and validate the results of tests.

Are the SIP integrations complicated to install and configure?

No. The Security Instrumentation Platform leverages the control’s native APIs for the integration, making it quick and easy to set up. Integrations are provided “out of the box” with the Director, so there is nothing to install. Typically, all that is required for configuration is a valid, read-only user account and password from the control.

What types of controls does the Security Instrumentation Platform test?

The platform can validate the effectiveness of network, endpoint, email and cloud controls. Common network controls tested include next-gen firewalls (NGFW) and traditional firewalls (FW), intrusion detection systems (IDS), intrusion prevention systems (IPS), malware sandboxes, web application firewalls (WAF), proxies and data loss prevention (DLP) systems. Common endpoint controls tested include tools like anti-virus (AV), host-based intrusion prevention systems (HIPS), software firewalls, and detection and response tools (EDR). Beyond traditional endpoint controls, it can also be leveraged to validate user and group policies, as well as Active Directory Group Policy (GPO) and even identify and access management (IAM) solutions.

Can it test endpoint controls?

Yes. The Security Instrumentation Platform can test controls on Windows, Mac and Linux endpoints. Tests can be run in the context of a user leveraging the host’s command line interface or even tools like Powershell on Windows systems.

Does the platform have a rest API?

Yes. The Director is effectively an API server that the web UI is built off of. The Security Instrumentation Platform has a fully documented REST API and is committed to making 100% of SIP’s functionality available, accessible and executable from the REST API.

Does my team need to be "mature" to get value from SIP?

No. Verodin’s customers range from mid-market organizations with a security team of 2-3 employees and a technical CISO all the way up to the largest Financial Services and Oil & Gas companies in the world. SIP is both powerful and extremely easy to use. For less mature organizations, Verodin SIP provides a platform to maturity. SIP enables their defenders to be more offensive and helps guide them along the path of ultimately providing the evidence needed to know their cybersecurity controls are effective.

Is this a Breach and Attack Simulation (BAS) tool?

The Security Instrumentation Platform provides you the evidence needed to continuously validate, measure, and manage cybersecurity controls so that they are effective and properly offsetting the business’ risk as intended. To do this, we focus on validating that controls are correctly configured, identifying where controls can be optimized, quantifying control gaps and overlap, and then continuously validating the environment against a known-good baseline in order to detect and quickly remediate environmental drift.

No one needs another long report telling them they have more problems. In reality, the lack of context can steer an organization down the wrong path by allowing them to feel confident about a decision that is actually damaging to the organization and creating more risk. Picture a situation where “the attack data” shows you a critical control is missing large amounts of attacks and feeling confident in removing it, when, in reality, the control you purchased is more than capable and just has some basic misconfigurations hampering its ability to be effective.

The last thing organizations need is more “attack data,” which is misleading and really just “vulnerability scanning 2.0”. The Security Instrumentation Platform provides you the evidence needed to measure, manage and improve the effectiveness of your cybersecurity program.

Get in touch:

Request a Demo

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Connect with an advisor


Automate Testing Against MITRE ATT&CK

By automating MITRE ATT&CK emulations, your team is freed from labor intensive, manual testing. Begin generating results within hours of initial implementation by leveraging our security content library and mapping tools.

How do your controls line up?
Download the MITRE whitepaper today
Mitre Ebook Cover
Faster Implementation

Begin generating results within hours by leveraging our security content library and mapping tools.

Save Time & Money

Free your team from labor intensive, manual testing by automating MITRE ATT&CK.

Identify Gaps Sooner

Easy to understand dashboards provide visualized data over time against your known baseline.

More Accurate Results

Our robust library of attacks across all 12 threat vectors fully represent the attack lifecycle.

Increase Confidence

Continuously validate your defense coverage by safely executing attack behaviors.

Best in Class

While most companies focus on basic subset coverage, we provide full depth of the adversary landscape.

Advanced Module

Threat Actor Assurance Module (TAAM)

Add TAAM today to make the latest threat intelligence actionable. Integrates with leading threat intelligence providers and allows for highly detailed threat actor testing within MITRE framework.

Mitre Ebook Cover
Automate Integration

Information is automatically retrieved and collected from third party threat intel integrations, with consolidated actor profiles.

Perform Tests

Security defenses are tested with the same behaviors used by your adversaries.


Tactics, techniques, and procedures are mapped to the MITRE ATT&CK Framework

Present Results

Gain an accurate understanding of which threat actor groups could compromise your organization.