By Light Professional IT Services LLC and FireEye, Inc. have announced the integration of Mandiant® Threat Intelligence within By Light’s Cyberoperations Enhanced Network and Training Simulators (CENTS®). The merged capabilities provide a platform to train defensive cyberspace operators against the malware tools threatening Department of Defense (DoD) networks.
Mandiant Threat Intelligence from FireEye provides Cyber Protection Teams with an opportunity to experience how adversaries operate. DoD opposing forces (OPFOR) can also customize their attacks to provide a complete and responsive training scenario. By delivering captured and repurposed malware in the CENTS range environment – either on command or automated – the OPFOR can emulate malicious actors’ tactics, techniques, and procedures.
Within CENTS, an attack is based on a real-world threat actor or group (e.g., APT3, APT10, Emotet) and uses captured malware to emulate the specific threat. To support collective training events and exercises, these attacks are enriched with Mandiant Threat Intelligence and occur as part of multiphase plans that form the basis for adversary campaigns against U.S. networks and infrastructure. By Light and FireEye further contextualize the threat activity by coupling the attacks with enemy objectives and success criteria. All malware is contained within the safety of a cyberspace range customized by the user to reflect the operational environment.
By Light customers can use APT cyberspace attacks on the CENTS® platform for a variety of training purposes:
- Observe Attacks: CENTS® users can launch an attack to test sensor detection capabilities, rehearse incident response actions, and identify indications and warnings associated with an attack.
- Evolution of Threat: CENTS® allows users to modify the training environment and vary existing attacks to study the APT’s tradecraft and likely courses of action.
- Mission Rehearsal: Range builders using CENTS® can overlay various APT attack plans to teach, train, and assess cyberspace professionals using the threat actor’s TTPs and to prepare them for upcoming missions.
- Operational Technology (OT) and Industrial Control Systems (ICS): CENTS® begins at Layer 2 and enables IP-addressable mission systems and ICS to be added on the fly. The range can be extended with unit kits or OT networks to test mission systems and defend ICS.