December 2nd, 2021
LimaCharlie & Atomic Red Team enable a DevOps approach to cybersecurity
Christopher Luft
Engineering is both an art and a science. It requires creative thinking but is bounded by a rigidity which enables measurement and progress. We can only see so far because we stand on the shoulders of giants… and because those giants kept really good notes.
Cybersecurity is growing up and it has to. Cyber is no longer the domain of shadowy figures in hoodie sweatshirts, it now has a presence in the C-suite. As we look to plan the future we can learn a lot from software engineering and the leaders of innovation that preach DevOps: a future-proof security posture requires a reliable test-driven approach on which security teams can rapidly iterate. This is how we build the security bedrock of tomorrow.
Actionable Knowledge Needs to Be Actioned
There was a time not long ago when there was no standard way of assessing how strong or weak a given organization’s security posture was. Finding a security expert and determining if you were safe was the digital equivalent of reading chicken entrails.
As cybersecurity attacks became more commonplace the frustration and uncertainty of unknown exposure became too much to bear and the infosec community responded. One of the most effective solutions was put forward by the MITRE Corporation. They developed the Attacker Tactic, Techniques and Common Knowledge (ATT&CK) framework which has since become one of the gold standards for evaluating an organization's security posture and training security professionals.
The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques that is based on real-world observations. It is a vital repository of knowledge that can be used to evaluate and subsequently improve an organization's security posture. But how?
Atomic Red Team Changed the Game
In 2017 Red Canary changed the way people thought about the MITRE ATT&CK framework when they released Atomic Red Team to the community. For the uninitiated, Atomic Red Team is a library of automated tests mapped to the MITRE ATT&CK framework which allows security teams to quickly, portably and reproducibly test their environments. It simulates 238 of the different attack techniques defined in the MITRE framework and is run as an open source project for the benefit of everybody.
LimaCharlie Automates Testing at Scale
Things continue to evolve, as they do in cybersecurity. LimaCharlie is leading the change by delivering the core components of cybersecurity cloud-first in a devops friendly way. It is a highly capable set of solutions that would feel familiar to anybody who has worked with AWS or GCP. Many customers utilize us as an advanced EDR that offers full control over detection and response, along with the ability to automate their security operations.
LimaCharlie has integrated Atomic Red Team in an effort to reduce barriers to comprehensive, holistic protection which can only be accomplished by actively testing the organization’s detection & response coverage. Users can run any subset of the MITRE ATT&CK framework on any number of their endpoints with a few clicks of a button or in an automated rule-driven way designed to support continuous integration/development. It is a powerful way for teams to shorten their change control process, save time and defend better.
The easiest way to run Atomic Red Team with LimaCharlie is to install a sensor on an endpoint and then visit the sensor details in the web application. From this detailed sensor view you simply click the button labeled Atomic Red Team which will open a modal allowing you to select the tests you are interested in.
Once the tests have finished running the output is made available on the web application’s main dashboard.
For a full tour of LimaCharlie’s Atomic Red Team integration you can watch the video below.
Along with Atomic Red Team, LimaCharlie provides a powerful cross-platform EDR, log monitoring, software defined networking, curated rule sets, threat feeds, an operations console for teams, and this is just the beginning.
LimaCharlie offers a full-featured free tier of two sensors - you can sign up and start running Atomic Red Team against your endpoints in minutes. Sign up or book a demo and have some LimaCharlie engineers walk you through the platform.