Microsoft has announced a new open source initiative to assist security researchers reproduce well-known techniques used in real attack scenarios inside a lab.
The software giant explains that using its simulated environment, named SimuLand, security experts will be able to test and verify the effectiveness of the company’s related security products including Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
The telemetry and forensic artifacts generated after each simulation exercise will also help extend threat research, Microsoft says.
- We've put together a list of the best endpoint protection software
- Check our list of the best firewall apps and services
- Here's our choice of the best malware removal software on the market
“Our goal is to have SimuLand integrated with threat research methodologies where dynamic analysis is applied to end-to-end simulation scenarios,” says Roberto Rodriguez, Threat Researcher, Microsoft Threat Intelligence Center (MSTIC) R&D.
More features coming soon
Rodriguez explains that SimuLab will help security teams understand the behavior and methods of their adversaries. It’ll also help them stay on top of the latest techniques and tools used by threat actors.
The tool will also help identify mitigations based on predefined conditions for each attacker action, and help tune and validate the detection capabilities of the various security tools.
According to BleepingComputer, currently SimuLand only supports one lab environment, which is designed to help test and improve defenses against Golden SAML attacks, in order to prevent threat actors from breaking into cloud apps.
Rodriguez adds that the team is working to create more labs, and also plans to add several features to the project, including the ability to export and share all generated telemetry with the larger cybersecurity community.
- Protect your devices with these best antivirus software
Via BleepingComputer
