Development and operations a practical guide


How to use this diagram in planning



1 Joe Vest, James Tubberville Red Team Development and Operations
This diagram can be used to help plan starting points based on the threat perspective. Don’t begin with the assumption that all engagements must start from the outside. Discuss the goals of the engagement along with the desired scenario. Suggest a few points on the diagram that best illustrate the scenario. Discuss how each point represents the engagement scenario. Use the point that will best lead to the achievement of engagement goals.


Threat Scenario
A core aspect of Red Teaming is threat scenarios. Scenarios provide insight into how a defensive solution will perform and conform to the processes, procedures, policies, activities, personnel, organizations, environment, threats, constraints, assumptions, and support involved in the security mission. Scenarios generally describe the role of the threat and how it will interact with the systems and networks within the target environment, and they elicit the real-world truth of how essential internal practices are employed. In short, a scenario answers how the target's security operations would dynamically perform an action to deliver results, outputs, or prove capability.
A Red Team engagement driven by a specific scenario narrows the focus to a particular area. This allows a concept to be explored at a deeper level. Scenarios allow a specific threat to be emulated and exposed to a target organization. A scenario-based approach can offer additional value over standard penetration testing or vulnerability assessments. The observations and understanding of how a specific threat can impact an organization provide the knowledge needed to efficiently allocate the limited time, money, and resources of an organization to best defend its assets.
To simplify, Red Teams explore the "threat story." A scenario provides the script for that story and drives how a Red Team emulates a threat. A Red Team uses the plot to shape their actions and develop their TTPs. All of these aspects combined create a comprehensive threat scenario.
How is this used in practice? Perhaps a target learns of a new type of malware through a threat intelligence feed. The malware is actively attacking the mobile applications of other, similar organizations. The organization can use a Red Team to design and emulate a specific scenario using the TTPs of the malware. Using threat intelligence reports or malware analysis reports, a Red Team can develop custom code or simulations that mirror the actions of the malware. Scenarios allow the institution to perform a scenario-based Red Team assessment to measure how well its systems will stand up to an attack from the new malware and potentially how it would perform against similar actions of unknown malware.
Designing scenarios can be challenging. It is common to select a scenario model that will not enable a Red Team to successfully achieve their goals within the time limits of an engagement. Remember that Red Teams are not finding flaws or vulnerabilities as in a penetration test but stimulating and performing impacts against an organization to measure security operations as a whole.