Skip to main content

Microsoft wants to help companies test and prepare for cyberattacks

security threat
(Image credit: Shutterstock.com)

Microsoft has announced a new open source initiative to assist security researchers reproduce well-known techniques used in real attack scenarios inside a lab.

The software giant explains that using its simulated environment, named SimuLand, security experts will be able to test and verify the effectiveness of the company’s related security products including Microsoft 365 Defender, Azure Defender, and Azure Sentinel.

The telemetry and forensic artifacts generated after each simulation exercise will also help extend threat research, Microsoft says.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

“Our goal is to have SimuLand integrated with threat research methodologies where dynamic analysis is applied to end-to-end simulation scenarios,” says Roberto Rodriguez, Threat Researcher, Microsoft Threat Intelligence Center (MSTIC) R&D. 

More features coming soon

Rodriguez explains that SimuLab will help security teams understand the behavior and methods of their adversaries. It’ll also help them stay on top of the latest techniques and tools used by threat actors.

The tool will also help identify mitigations based on predefined conditions for each attacker action, and help tune and validate the detection capabilities of the various security tools.

According to BleepingComputer, currently SimuLand only supports one lab environment, which is designed to help test and improve defenses against Golden SAML attacks, in order to prevent threat actors from breaking into cloud apps.

Rodriguez adds that the team is working to create more labs, and also plans to add several features to the project, including the ability to export and share all generated telemetry with the larger cybersecurity community.

Via BleepingComputer