DEEP DIVE INTO CYBER THREAT EMULATION WITH RIDGEBOT
RidgeBot®: Adversary Cyber Emulation
RidgeBot® ACE to Measure Security Control's Effectiveness
Assessment Means: Botlet
Botlet is a software agent that can simulate real-world cyber-attacks without any real harm or impact for customer IT environment
Assessment Test Script
A group of scripted behaviors carried out by Botlet to simulate a specific cyber-attack or to validate the security controls.
Key Measurement: Block Rate
The ratio of blocked scripts vs. all assessment scripts executed during a RidgeBot ACE testing
ACE Attack Simulation Scenarios
RidgeBot Botlet simulates the behavior of malicious software or downloads malware signatures to validate the security controls of the target endpoints.
RidgeBot Botlet simulates the unauthorized movement of data from your server — for example, personal data, financial, confidential, software source codes, and more.
Active Directory Information Recon
RidgeBot Botlet simulates an attacker to gather useful resources in Windows Active Directory for elevated privilege, persist, and plundering information.
MEASURING SECURITY CONTROL'S EFFECTIVENESS WITH RIDGEBOT ACE
Endpoint Security Scenario
MEASURING DATA EXFILTRATION EFFECTIVENESS WITH RIDGEBOT ACE
Data Exfiltration Scenario
User can upload 5 types of sensitive data to test the exfiltration of those files can be blocked or not
Validate Security Control Effectiveness
- Overall Block Rate Trend
- Block Rate per Target
- Result Overview per Threat Group
- Result Overview per MITRE ATT&CK Tactic
- Result Overview per MITRE ATT&CK Technique
RidgeBot ACE provides descriptions and mitigation suggestions for un-blocked assessment test
ACE Risk Assessment result with higher block rate indicates better security control in customer IT environment.