SecuMap tells security tools what to do, why it matters, and how well it worked. We believe in making that directive layer understandable and measurable. Our methodology combines industry‑recognised standards with proven frameworks so organisations can benchmark and improve their detection posture in a structured, repeatable way. SecuMap works alongside your existing SIEM, EDR, and BAS tooling, directing and measuring what they do.
We leverage two foundational approaches — MITRE ATT&CK and the MaGMa Use Case Framework — to assess, map, and measure detection coverage and operational maturity.
MITRE ATT&CK is a globally recognised knowledge base of adversary tactics, techniques, and procedures. It provides a structured taxonomy for understanding how real‑world threat actors operate, helping security teams map detection capabilities to specific threat behaviours.
By aligning security monitoring and detection rules to the ATT&CK framework, organisations gain clarity on what threats they can identify, how detection techniques relate to adversary actions, and where visibility gaps exist in their defensive layers. This alignment forms the backbone of how we assess threat coverage.
MITRE ATT&CK extends beyond theory — it drives practical insight into how detection mechanisms (from SIEM rules to endpoint telemetry) correlate to actual adversary behaviour, enabling teams to prioritise improvements based on real‑world adversary activity patterns.
The MaGMa Use Case Framework (UCF) provides structure for managing and maturing security monitoring use cases. MaGMa is the name of a use case maturity framework originally developed within the FI‑ISAC community. The name reflects its focus on Management, Growth, and Metrics & Assessment — but MaGMa is treated as a proper framework name, not a generic acronym.
SecuMap is the platform that tells your security tools what to do, why it matters, and how well it worked. It operationalises the MaGMa use case maturity framework as a live system of record for managing, measuring, and improving detection capabilities over time, directing tools rather than replacing them.
Throughout this methodology, MaGMa refers specifically to this established framework and not to a generic acronym expansion.
MaGMa was created to help security teams organise their detection logic in a way that:
The framework was purposely developed to be applicable across sectors, not just financial services, and includes a supporting tool for practical implementation and governance.
MaGMa frames detection use cases in layered detail:
This structure supports traceability from organisational risk drivers down to actual detection rules implemented in tooling, providing visibility into both what is monitored and how well it is monitored.
While we recognise the original MaGMa framework as an authoritative starting point — and acknowledge its roots in the FI‑ISAC collaborative model — SecuMap adapts it for broader use and measurable maturity scoring. Our implementation emphasises:
Using Capability Maturity Model (CMM) principles to evaluate how thoroughly security use cases are defined, implemented, tested, and maintained.
Going beyond descriptive use case documentation to measure test results, alert effectiveness, and continuous improvement cycles — ensuring that detection rules (use cases) are not just present, but operational.
Integrating MaGMa use case definitions with MITRE ATT&CK mappings to quantify visibility and detection coverage across environments.
Together, these approaches give organisations a clear, structured view of their current detection posture, where the gaps are, and how they improve over time — supporting both technical teams and leadership with actionable insights.
Organisations often struggle to answer critical questions such as:
By combining MITRE ATT&CK mapping with a MaGMa‑inspired use case maturity model, SecuMap offers a transparent, framework‑based lens for directing and measuring security operations, not for running scans or replacing your existing tooling.