With threat actors constantly evolving their tactics, it is becoming quite clear that a given attack can take numerous forms with a slight tweak in the underlying tooling. While an exhaustive test of security controls for detecting all these variations may not be possible, SpecterOps’ new purple team assessment now offers a close second.
The new offering uses the principle of classifying the variations of attack techniques into representative test cases that organizations can test their security controls against.
“Most traditional purple team approaches underestimate the complexity of intra-technique variation, which often leads to a false sense of detection coverage,” said Jared Atkinson, chief strategist at SpecterOps. “Our approach utilizes a diverse set of test cases to measure true coverage.”
The two-week assessment offering, already available to SpecterOps’ customers, will also help security teams understand how adversaries modify techniques to avoid detection.
SpecterOps implements Atomic Testing
The new offering will be leveraging the approach pioneered by Red Canary’s Atomic Team project, which involves extracting individual behaviors from an attack chain in order to control variables impacting the results of security controls.
“Atomic Testing understands that while there is a broad range of variation between attack techniques, we must not forget that there is also a wide range of variation within technique categories,” said Atkinson. “In order to address this, Atomic Testing approaches leverage numerous test cases to present multiple implementations to relevant security controls.”