Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.
SimuLand test labs "provide use cases from a variety of data sources including telemetry from Microsoft 365 Defender security products, Azure Defender, and other integrated data sources through Azure Sentinel data connectors," MSTIC Threat Researcher Roberto Rodriguez said.
Lab environments deployed using SimuLand can help security experts "actively test and verify the effectiveness of related Microsoft 365 Defender, Azure Defender, and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise."
SimuLand test environments are designed to help security teams:
- Understand the underlying behavior and functionality of adversary tradecraft.
- Identify mitigations and attacker paths by documenting preconditions for each attacker action.
- Expedite the design and deployment of threat research lab environments.
- Stay up to date with the latest techniques and tools used by real threat actors.
- Identify, document, and share relevant data sources to model and detect adversary actions.
- Validate and tune detection capabilities.
Currently, the only lab environment available for deployment allows researchers to test and improve their defenses against Golden SAML attacks, which allow threat actors to forge authentication to cloud apps.
You can share your own end-to-end simulation scenarios by opening new issues on the SimuLand GitHub repository.
Besides working on adding more scenarios, Microsoft also wants to add automation of attack actions via Azure Functions in the cloud, telemetry export and sharing, Microsoft Defender research labs integration, as well as infrastructure deployment and maintenance using CI/CD pipelines with Azure DevOps.
Lab environments contributed through this open-source Microsoft initiative require an Azure tenant and at least a Microsoft 365 E5 license (paid or trial).
It's time to go to SimuLand!
But it's not a new vacation theme park hot spot, it's a new open-source initiative that can help you deploy a lab environment to reproduce real attack scenarios to test your security defenses.
Get the details: https://t.co/IZwtdMLlT0
— Microsoft Security (@msftsecurity) May 20, 2021
Last month, the Microsoft 365 Defender Research team also released an open-source cyberattack simulator dubbed CyberBattleSim.
This simulator allows creating simulated network environments that model how AI-controlled cyber agents (the threat actors) spread through a network after its initial compromise.
"The simulated attacker's goal is to take ownership of some portion of the network by exploiting these planted vulnerabilities," Microsoft explained.
"While the simulated attacker moves through the network, a defender agent watches the network activity to detect the presence of the attacker and contain the attack."