Development and operations a practical guide



Date: 11.02.2023
1 Joe Vest, James Tubberville Red Team Development and Operations
Command and Control
The command and control tactic represents how adversaries communicate with systems under their control within a target network. There are many ways a threat can establish command and control, with various levels of covertness, depending on system configuration and network topology. Due to the wide degree of variation available to the threat at the network level, only the most common factors were used to describe the differences in command and control. There are still a great many specific techniques within the documented methods, largely due to how easy it is to define new protocols and use existing, legitimate protocols and network services for communication.



Creating a Threat Profile by Decomposing a Threat
Threat profiles can be built by decomposing existing threats into core components, then recomposing them into profiles a Red Team can use to describe and execute a Red Team engagement.
The Management Challenge
When a Red Team is asked to perform threat emulation of a specific actor, the limits of budget, time, and effort can easily be pushed to the edge. Strong Red Team leadership is required to bridge the gap of realism and effectiveness when emulating a threat.
Breaking down a threat into its components and choosing those items that best exercise the engagement’s goals provides leadership a roadmap of how the threat will be accurately represented. In this way, a threat can be emulated within a budget, time, and resource-constrained environment.
Creating a threat profile is a great way of establishing the rules as to how a Red Team will act and operate. Threat profiles act as a roadmap for a Red Team by providing guidance on how and what type of actions should be performed. They help all sides (Red and Blue) ensure the Red Team is emulating the correct threat. Remember, a Red Team engagement is not an all-out hack fest. In many cases, a Red Team is helping personnel understand how a specific threat impacts an organization. Even during an in-depth, full-scale Red Team engagement, a threat profile should be created. It helps describe the threat and its TTPs. This material is ideal for setting the scenario and threading a threat's story, and it can immensely improve the final report.
