AdvisoryAdvisoriesCISAAA23-059A

February 28, 2023

CISA Red Team Assessment

February 28, 2023

What we know so far

In 2022, CISA conducted a red team assessment for a large critical infrastructure organization. The red team successfully breached the organization's network, traversed multiple sites, and gained access to systems adjacent to sensitive business systems. Although the organization had a mature cyber posture, they failed to detect the red team's activities, highlighting the need for improved detection capabilities. CISA is releasing a Cybersecurity Advisory (CSA) that outlines the red team's tactics and key findings, offering proactive steps for network defenders to mitigate similar threats. The CSA emphasizes the importance of collecting and monitoring logs for unusual activity, as well as continuous testing and exercises to enhance an organization's security regardless of its cyber posture maturity.

Arrow Right

Schedule a test

Our insights

Protect your endpoints

Subscribe to alerts

February 28, 2023

Insights by Prelude

Many red team assessments revolve around MITRE ATT&CK. The offensive team will proactively determine which tactics and techniques they want to try, write them into an agreed upon rules of engagement document, and then perform the associated behaviors. This pattern adds structure to the testing but can open you up to a false sense of security. The “many variations problem” states that any test implementation can be tweaked to evade the defense. However, you can counteract this problem through continuous variation. By running a never-ending supply of tests, every day, and across all endpoints, the idea is you will eventually run a statistically significant number of variations.

See if you are protected against this advisory

Arrow Right

Schedule a test with Prelude

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories

AdvisoryAdvisoryCISAAA24-207A

July 25, 2024

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

AdvisoryAdvisoryCISAAA24-193A

July 11, 2024

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

AdvisoryAdvisoryCISAAA24-190A

July 9, 2024

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

See all advisories

Arrow Right
Solutions
For Detection & Response TeamsFor CISOs
Platform
DetectCrowdStrike
Company
AboutCareersBlogAdvisoriesResourcesCommunityPress
Book a Demo

©2024 Prelude Research, Inc. All rights reserved.
Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept

Cookies

Happening Soon: CTI to Assurance: Automating Proactive Threat Management With Prelude Detect
Save Your Seat
Arrow Right