By Fernando Martinez and Javier Ruiz of AT&T Alien Labs.
In our previous blog post, we analyzed how it is possible to map malware threats using the MITRE ATT&CK™ framework. In this post, we will test the USM Anywhere platform against red team techniques and adversary simulations. We performed this analysis as part of our continuous efforts to improve the platform’s detection effectiveness.
There are numerous frameworks that can help you simulate the actions that a red team would perform in a post-compromise situation, as well as techniques associated with particular APT groups. These frameworks allow you to simulate malicious activities at an enterprise level without actually infecting any systems: they generate only enough activity to validate defensive telemetry and to test incident response plans and playbooks.
When running scenarios, we will cover a wide variety of techniques using the new MITRE ATT…