Cyber Security Academy · Lesson

Closing Detection Gaps and Metrics

Measuring and improving coverage.

Why Metrics Matter

Purple teaming generates rich data, but without metrics it is just anecdotes. Metrics turn exercises into a defensible improvement story for leadership and budget owners.

  • They show whether defenses are actually getting better
  • They prioritize where to invest limited engineering effort
  • They make abstract 'security posture' concrete and trackable

The goal is not a high score for its own sake, but measurable, sustained improvement against relevant threats.

Detection Coverage

The headline metric is detection coverage: the share of tested techniques that produced an alert.

Compute it per tactic and overall:

# Example, Lateral Movement tactic: 1 detected of 4 tested
techniques_detected = 1
techniques_tested = 4
coverage = (techniques_detected / techniques_tested) * 100  # 25% coverage
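
The per-tactic and overall calculation, as an added example that is not part of the original lesson. The result rows are constructed sample data, the ATT&CK-style technique IDs are an assumed way of tracking techniques, and the example assumes a technique counts as detected if any of its test runs produced an alert.

```python
from collections import defaultdict

# Constructed sample results from one exercise: (tactic, technique_id, alert_fired).
# ATT&CK-style IDs are an assumption; any stable technique identifier works.
RESULTS = [
    ("Lateral Movement", "T1021.001", False),
    ("Lateral Movement", "T1021.002", True),
    ("Lateral Movement", "T1021.002", False),  # second procedure, same technique
    ("Lateral Movement", "T1021.006", False),
    ("Lateral Movement", "T1570", False),
    ("Credential Access", "T1003.001", True),
    ("Credential Access", "T1110.003", True),
    ("Credential Access", "T1003.003", False),
]


def coverage_report(results):
    """Return ({tactic: (detected, tested, pct)}, overall_pct, {tactic: [gaps]})."""
    # tactic -> technique -> True if any run of that technique alerted
    seen = defaultdict(dict)
    for tactic, technique, alerted in results:
        seen[tactic][technique] = seen[tactic].get(technique, False) or alerted

    per_tactic, gaps, unique = {}, {}, {}
    for tactic, techniques in seen.items():
        detected, tested = sum(techniques.values()), len(techniques)
        per_tactic[tactic] = (detected, tested, round(detected / tested * 100, 1))
        # Undetected techniques are the backlog of detections to build
        gaps[tactic] = sorted(t for t, hit in techniques.items() if not hit)
        # Overall coverage counts each technique once, even if listed under two tactics
        for t, hit in techniques.items():
            unique[t] = unique.get(t, False) or hit

    # No tested techniques means there is nothing to measure, not 0% coverage
    overall = round(sum(unique.values()) / len(unique) * 100, 1) if unique else None
    return per_tactic, overall, gaps


if __name__ == "__main__":
    per_tactic, overall, gaps = coverage_report(RESULTS)
    # Lowest coverage first, so the weakest tactic leads the report
    for tactic, (d, n, pct) in sorted(per_tactic.items(), key=lambda kv: kv[1][2]):
        print(f"{tactic}: {d}/{n} = {pct}%  gaps: {', '.join(gaps[tactic]) or 'none'}")
    print(f"Overall: {overall}%")
```

Rerunning the same calculation after each exercise gives the trend line; the gap lists show which techniques still need a detection.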
