Strengthening the operations of the red team – GCN


Using red teams (ethical hackers who identify system vulnerabilities) can be an effective way for organizations to find and resolve issues before malicious cyber actors exploit them. The demand for such red team security assessments, however, far exceeds the supply of people who can perform them, and the time and expertise it takes a red team to build the required infrastructure is a critical limiting factor. The Defense Advanced Research Projects Agency (DARPA) wants to address this problem through automation.

As red teams move laterally through networks to assess defenses while trying to evade detection, their behavior inevitably produces "signatures": the tactics, techniques and procedures they employ, which can reveal their presence. If the blue team spots these signatures at the start of an exercise, the evaluation stops. If blue teams can recognize these signatures on networks other than the one being assessed, the red team risks wasting the time and resources it invested in building operational infrastructure that emulates sophisticated threats. Such a burn undermines the long-term effectiveness of the red team.

Because it takes considerable time and subject matter expertise for a red team to create a test infrastructure (domain names, IP addresses, virtual servers and other components) that mimics sophisticated threats, escapes detection and minimizes signatures, DARPA wants to automate some of this work.

The Signature Management using Operational Knowledge and Environments (SMOKE) program aims to develop tools to automate the planning and deployment of threat-emulated and attribution-aware cyber infrastructure.

A broad agency announcement published December 6 describes two task areas that "will enable red teams to plan, build and deploy cyber infrastructure that relies on machine-readable signatures of sophisticated cyber threats."

The first task area covers the development and deployment of the cyber infrastructure required for network security assessments. DARPA wants tools that automate the acquisition, management and disposal of infrastructure resources and of the cyber personas used to interact with that infrastructure. It also wants tools capable of recommending and executing contingency plans based on information supplied by signature sensors. Those sensors are the focus of the second task area: developing tools that help automate the discovery of the red team's own signatures as an adversary would observe them.

With these tools, red teams will be able to "increase the scale, efficiency, duration and effectiveness of cybersecurity assessments," DARPA said. "Additionally, red teams will be able to provide longer cybersecurity assessments for more concurrent networks due to their ability to stay hidden for longer."

Proposals are due January 31.

About the Author

Susan Miller is Editor-in-Chief at GCN.

During a past career in technology media, Miller worked in editorial, print and online production, starting on the copy desk at IDG's ComputerWorld, moving to print production for Federal Computer Week and later helping with the website launch and email newsletter delivery for FCW. After a stint at Virginia's Center for Innovative Technology, where she worked to promote technology-based economic development, she joined what would become 1105 Media in 2004, eventually managing content and production for all of the company's government-focused business websites. Miller returned to writing in 2012, when she began working with GCN.

Miller holds a BA and MA from West Chester University and completed doctoral work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.
