Endgame launches open source initiative
Endgame has released a set of open source tools that allow enterprises to test defences against modern attacker behaviour. These are called Red Team Automation (RTA) tools.
Security teams that lack sufficient time and resources will now have the ability to measure protection capabilities beyond malware-based attacks. This is because RTA tools directly map to MITRE’s ATT&CK matrix, the most comprehensive framework for attacker techniques and tactics.
Fileless or malwareless attacks that bypass existing security controls represent a major vulnerability concern for organisations, yet only 49 per cent of today’s cyber attacks are accounted for by these techniques. Testing an organisation’s ability to stop such behaviour is often too complex. The MITRE Corporation has supposedly developed the best model of modern attacker capabilities. With Endgame’s RTA, customers will now have access to a turnkey validation toolkit that helps teams better understand their security posture.
“Endgame’s RTA is simple and easy to implement or extend, allowing practitioners to effectively test their organisations’ defences against techniques outlined in the ATT&CK framework. With RTA, enterprises will have a better assurance that their protections can withstand even the most sophisticated attacker behaviour. We are pleased to make this free and open source contribution, and look forward to working with the community on its improvement,” said Mark Dufresne, director of threat research and adversary prevention, Endgame.
Endgame plans to release additional scripts in the coming months that expand this coverage across the entire ATT&CK matrix, and is also accepting pull requests from the industry to contribute to its open source project.
Endgame has shared the RTA framework publicly to help organisations accelerate and enable the assessment process and highlight detection coverage and gaps. As a result, organisations will be able to focus more confidently on monitoring real-time detection in their enterprise and fill the critical gaps in coverage.