Endgame Launches Open-Source Initiative to Drive Adoption of MITRE ATT&CK™, the Best Model of Attacker Behavior
Initial release of red team automation tools covers one quarter of the MITRE ATT&CK Matrix™
ARLINGTON, VA - March 19, 2018 - Endgame, the leader in unified endpoint protection against targeted attacks, today announced it released a set of open-source tools that allow enterprises to test defenses against modern attacker behaviors. These tools, called red team automation (RTA), directly map to MITRE's ATT&CK™ matrix, the most comprehensive framework for attacker techniques and tactics. Security teams that lack sufficient time and resources will now have the ability to measure protection capabilities beyond malware-based attacks.
“Enterprises struggle with a practical way to validate the effectiveness of endpoint products, services, or homegrown capabilities,” said Mark Dufresne, Director of Threat Research and Adversary Prevention at Endgame. “Endgame’s RTA is simple and easy to implement or extend, allowing practitioners to effectively test their organizations’ defenses against techniques outlined in the ATT&CK framework. With RTA, enterprises will have better assurance that their protections can withstand even the most sophisticated attacker behaviors. We are pleased to make this free and open source contribution and look forward to working with the community on its improvement.”
Only 51 percent of today’s cyberattacks involve malware. The remaining 49 percent represent a major vulnerability concern for organizations facing fileless or malware-less attacks that bypass existing security controls. The MITRE Corporation has developed the best model of modern attacker capabilities. However, testing an organization’s ability to stop these behaviors is often too complex or time intensive for security teams. With Endgame’s RTA, customers will now have access to a turnkey validation toolkit that helps teams better understand their security posture.
The Endgame RTA repository currently has 38 scripts with capabilities to conduct the following assessments, and much more:
- Use native tools to download and execute remote files
- Perform anti-forensics operations such as deleting volume journals
- Perform lateral movement to a target system and take actions
- Set up both common and uncommon persistence mechanisms
- Perform one of several UAC bypass techniques
Endgame plans to release additional scripts in the coming months that expand this coverage across the entire ATT&CK™ matrix, and is also accepting pull requests from the industry to contribute to its open-source project. To read more about the technical advantages of RTA, read our latest blog post or view the toolkit on GitHub.
Endgame's endpoint protection platform brings certainty to security with the most powerful scope of protections and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.