Simulating the Enemy

How does that old saying go? Keep your friends close and keep your understanding of a threat actor’s underlying behavior and functionality of tradecraft closer? As new tools are developed and implemented for individuals and businesses to protect themselves, wouldn’t it be great to see how they hold up against different attacks without actually having to wait for an attack to happen? Microsoft’s new open-source tool, Simuland, allows users to simulate attacks on their own infrastructure to see where their own weaknesses lie.  In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham sit down with Roberto Rodriguez, Principle Threat Researcher for the Microsoft Threat Intelligence Center (MSTIC) and Simuland’s developer, to understand how the project came to life, and what users can expect as they use it.  In This Episode You Will Learn:  How community involvement will help Simuland grow How individuals can use Simuland to see examples of actions threat actors can take against their infrastructure What other projects and libraries went into Simuland’s development Some Questions We Ask:  What exactly is being simulated in Simuland? What do does Roberto hope for users to take away from Simuland? What is next for the Simuland project?  Resources:  Roberto Rodriguez’s LinkedInRoberto’s blog post, SimuLand: Understand adversary tradecraft and improve detection strategiesRoberto’s Twitter: Cyb3rWard0gMicrosoft Security BlogNic’s LinkedInNatalia’s LinkedIn  Related:Listen to: Afternoon Cyber Tea with Ann JohnsonListen to: Security Unlocked: CISO Series with Bret Arsenault Discover and follow other Microsoft podcasts at microsoft.com/podcastsSecurity Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.  Hosted on Acast. See acast.com/privacy for more information.