Threat Emulation


Time: 1 hour
Difficulty: Beginner
CEU/CPE: 2
Video Transcription
00:00
Welcome to Module 3, Lesson 3.
00:02
Threat emulation.
00:05
In this lesson, we will explore my personal favorite application of ATT&CK,
00:09
emulating threats,
00:11
and appreciate how threat emulation can use known adversary behaviors, such as those documented within ATT&CK, to assess, measure, and eventually improve our defenses.
00:25
This lesson will focus on what we call intelligence-driven emulation, or red teams mimicking known threats.
00:32
This process allows us to operationalize the intelligence we discussed in Lesson 1. Specifically, we can use CTI to scope and prioritize which threats and behaviors we, as red teams, evaluate.
00:46
At the end of the day, this allows us to observe and evaluate our defenses from the perspective that matters: that of our adversaries.
00:58
Let's look back at the detection analytic from Lesson 2.
01:02
As you recall, this analytic is targeting
01:03
detecting adversaries dumping credentials from LSASS memory.
01:11
But the question arises, after developing and deploying this analytic:
01:14
what's the next step as a defender?
01:17
Do we wait for an adversary to trigger, or potentially bypass, this analytic?
01:23
We can look back at ATT&CK and compare this analytic
01:26
to documented procedures.
01:32
We can also triage news media,
01:34
which may pose new questions, such as: are we safe against unknown or previously undocumented procedures?
01:47
This is where threat-informed assessments come in.
01:51
As you can see with the example adversary emulation plan below, we can use intelligence to build real-world adversary TTPs into red team scenarios.
02:02
This process allows us to actually build out red team TTPs
02:07
that provide outputs that are more quantitative and closely measure how we fare against real adversary behaviors.
02:19
Here's another example of using CTI to build out red team scenarios and behaviors that we can execute for better assessments.
02:30
And with that, we've started the check for Lesson 3.
02:35
True or false,
02:36
there is a limit to the number of different ways a single behavior can be emulated,
02:42
Please pause the video and take a second to think of the correct answer before proceeding.
02:51
In this case, the correct answer is false.
02:53
Similar to procedures,
02:54
there is no limit to the number of ways a single behavior can be emulated
02:59
or executed by an adversary.
03:05
And with that,
03:06
we've reached the end of Lesson 3.
03:07
In summary,
03:09
threat emulation is an offensive assessment mimicking particular adversary behaviors, such as those documented within ATT&CK.
03:17
We can use threat emulation to address the unlimited number of procedures, or variations of how adversary techniques can be executed, by adversaries or red teams.
03:30
And finally,
03:30
we can use this threat emulation process to understand how our defenses fare against specific threats and their behaviors.
MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals Badge Training

This course is the fundamental piece of the MITRE ATT&CK Defender™ (MAD) series where we will explore how a threat-informed mindset can help focus our efforts towards improving and understanding how our defenses actually fare against real-world adversaries.
