The SCYTHE platform offers maximum flexibility to emulate adversary behaviors and automate your control testing and validation. SCYTHE eliminates the need to:
- Investigate threat actor behavior
- Build a profile of procedure-level steps to emulate the threat actor
- Educate the Red Team on those procedures
- Coordinate with the Red Team to execute those procedures (assuming you have a Red Team in the first place; if not, it is even harder to emulate without SCYTHE)
With #ThreatThursday, you jump past all that research about threat actor behaviors and are able to grab a campaign that you can load directly into SCYTHE. Like everything in the platform, the emulation plan is customizable to your environment if you so desire. While adversarial emulation is an intelligence-driven process, we at SCYTHE recognize that many of our customers don’t have dedicated Cyber Threat Intelligence (CTI) teams. That’s why we’ve done the heavy lifting of threat research to build the adversary emulation plans: so security teams of any size can perform quality adversary emulation that provides the most business value.
Most #ThreatThursday posts go well beyond just the adversary emulation plan and include some (or all) of the following:
- Threat actor description / introduction
- Descriptions of adversary TTPs, as derived from CTI
- Emulation plan based on procedure-level intelligence
- Mapping of emulated procedures to MITRE ATT&CK techniques
- Detection techniques (sometimes including Sigma rules)
SCYTHE strives to publish #ThreatThursday plans at least monthly. Customers with access to the SCYTHE platform will benefit most from #ThreatThursday posts, but the information provided is useful to anyone interested in threat emulation, and some of it can be operationalized without any platform access.