He is the chief Services Officer of Tidal Cyber, educating organisations on the cyber threats they face. Frank built the MITRE attack evaluations programme from the very start and ran it as the General Manager for four years. This approach basically puts the tester into the role of a real adversary, there is little to no automation, just a skilled team of hackers attacking targets, while recording how defensive tools handle the situation, and to what extent.įrank Duff is the man behind the MITRE security evaluations.
Critical ops mobile hack full#
The idea is to see how a security product would work when a real attack happens.Īnd there is what we do at SE Labs the full real attack, otherwise known as full attack chain testing, or red team testing. There’s penetration testing, for example, where testers have a limited amount of time to focus on either bypassing security products completely, or braking those products, simulation tools generate data that looks like a real attack, but isn’t. Most of the common approaches are useful when evaluating a service or system. There are many different ways to test cybersecurity products. Show notes, including any links mentioned in the show are available at. We’re joined by Frank Duff, who used to work at MITRE, Mike Sentonas from CrowdStrike and Siggi Stefnisson from Avast. We look at ways to bulletproof your most important internet account. Our email accounts sits at the centre of our digital lives. What does it mean to test like a hacker? Can a well intentioned tester behave the same as a real cyber criminal? And when you’re looking for a good security test, how can you tell the useful from the misleading Welcome to DE:CODED, providing in depth insight into cybersecurity. Sign up to our newsletter! Other resources The Anti-Malware Testing Standards Organization (AMTSO) testing Standard.Why is testing with the full attack chain necessary?.Use one of the ‘Listen On’ links above to subscribe using your favourite podcast platform.
Please subscribe and join the discussions.
This episode’s Security Life Hack comes courtesy of Dan Cuthbert! How can you lock down your accounts? And how can you choose the best email security services? We cover all of this, with our own insight and input from the people who create the email security that you rely on! Arguably more important than any other type of computer security. How do you pick a security test report that is truly relevant to you and your organisation? We investigate the difference between a transparently ‘good’ test and corrupt, fake reports.Įmail security is extremely important. Anything else is a simulation with weaknesses that reduce the value of the report. When you test a security product or service, it makes sense to do so like a real attacker.
0 kommentar(er)
