This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack.
Adversary Emulation is a form of cybersecurity assessment. During this assessment assessors replicate a specific threat scenario. For example, assessors may assume the role of cyber criminals who want to exfiltrate customer data out of the organization. Another scenario could be assessors trying to infect the organization’s software product(s) and mimic a supply chain attack.
How to perform Adversary Emulation?
These exercises are performed by red teams. The responsibility of defending lies with blue teams. Usually an attack methodology is created or followed to conduct these exercise. This can be in form of a process, such Red Team Operations Attack Lifecycle. Or well defined attack plans such as MITRE Adversary Emulation Plans. Cyber threat intelligence sources also play a key role during this exercise. They often serve as a starting point for most exercises.
Benefits
The aim of this exercise is to see how the organization’s defenses will fare in the event of a real cyber attack. Such exercises are helpful in identifying vulnerabilities missed during other assessments (such as penetration testing) as such assessments are usually limited in scope and attack surface. For example, Facebook is leveraging adversary emulation to protect their infrastructure from sophisticated attacks.
Featured Image Source: Freepik
Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.