It is crazy to think it’s been a year since we launched our Atomic Red Team project! In honor of the milestone, here’s a look back at some of our favorite memories, lessons learned, and a preview of what’s ahead.
There was a great turnout for the latest Atomic Red Team webcast! Thanks to all the people that attended. We had some outstanding audience questions on the new YAML structure, use cases, and CALDERA, MITRE’s automated adversary emulation system. We’ll use this post to go through some of the Q&A in case you couldn’t attend or had to jump off … Read More
It’s been nearly nine months since we launched Atomic Red Team and we’ve been blown away by the tremendous response from the community. It’s exciting to see so many teams testing their security controls and getting a better understanding of what they can and cannot detect. We initially created Atomic Red Team to help security teams (including our own) test … Read More
In last week’s post on detection engineering, we explained what “detectors” are and how Red Canary uses them to hunt and identify threats. This article will take a deeper dive to focus on what happens after a detector is produced and how we measure its effectiveness through tuning. As a general rule, we embrace a high false positive rate. Until … Read More
At Red Canary, we are huge believers in sharing methodologies of how and why we do things. It provides opportunities for others to learn and pushes the community forward. Today we are excited to pull back the curtains on Red Canary’s detection engineering team. Our team’s mission is simple: hunt and find threats. Rather than analyzing and triaging alerts like … Read More
We recently held our second Atomic Red Team training session and were once again blown away by the positive response from the security community. As researchers, nothing is more exciting than taking our work out of the lab and teaching other security professionals how to apply the tests to improve their defenses. It was especially exciting to see multiple team members … Read More
The very nature of Atomic Red Team is to allow for customization of different testing units to determine coverage, prevention, or detection within your environment. Chain reactions are a concept we developed to enable security teams to combine multiple MITRE ATT&CK™ techniques and execute them simultaneously. You can use these free-form methods to either build a sequence of events or … Read More