Adversary Exercises

Services Overview

The Secureworks Adversary Exercises are delivered by the Secureworks Adversary Group (known as the Secureworks Red Team). They offer a holistic approach to cultivating and enriching the capabilities of your organization's defensive team (known as your Blue Team) through three primary exercises. Each exercise can be used at a different stage of your organization's security maturity or at a specific point in your security improvement cycle.

While the penetration testing and vulnerability assessment services offered by Secureworks are designed for discovering and validating weaknesses that an adversary could exploit to gain access to systems or data, the Adversary Exercises services focus on the detection, prevention, and response capabilities of your Blue Team and your security controls as they directly relate to actions performed by a threat actor.

Regardless of your organization's current security maturity, Secureworks offers a wide variety of options within the Adversary Exercises service lineup. These options help create a stronger defensive posture by discovering gaps in detection and alerting while training defenders to spot malicious activity and respond in a timely manner, preventing further attacks and impeding a threat actor's ability to reach their goals and objectives. The following table gives a high-level overview of each Adversary Exercises service. Full details about each service, and explanations of the tiers created to accommodate individual needs, are available on the individual service page by following the included link.

Service: Collaborative Adversary Exercise
Description: Secureworks performs a pre-defined playbook of tactics, techniques, and procedures (TTPs) based on common threat actor techniques, alongside your organization's blue team within a dedicated communication channel.
Key Use Cases and Details:
  • A starting point to assess if detections and preventions are effective.
  • Examine TTPs together with Secureworks with explanations and insight into attacks.
  • Tune detections in a controlled setting that also permits attack replay.
  • Blue team is aware of red team activities and participates in the exercise.

Service: Adversary Emulation Exercise
Description: Secureworks mimics the tactics, techniques, and procedures of a real-life threat actor that is known to target your organization based on threat intelligence.
Key Use Cases and Details:
  • Test assumptions for detection, prevention, and response to known threat actors and their TTPs.
  • Except for key personnel, blue team is unaware of red team activities. However, depending on your organization's level of security maturity, Secureworks can also share the threat actor selected for emulation with your Blue Team to give a bit of guidance for hunting during the exercise.
  • Focuses on "known bads".

Service: Adversary Simulation Exercise
Description: Secureworks simulates a real-life adversary by using unique and unattributable tactics, techniques, and procedures.
Key Use Cases and Details:
  • Assess maturity of security controls and personnel to respond to an unknown threat.
  • Except for key personnel, blue team is unaware of red team activity.
  • Focuses on "unknown bads".

 
