Threat-Driven Development with Stratus Red Team
Ryan Marcotte Cobb
Principal Information Security Researcher | Secureworks
Complex detection systems can only be trusted when they are tested, but we need to provide security SMEs with a way to combine attack automation with logic to validate that the automated attack is detected as expected. Stratus Red Team is a particularly useful tool for this purpose.
In this talk, Ryan will share his experiences using Stratus Red Team to validate detection coverage in a point-in-time way. He will quickly describe how Stratus works and how his team used code generation from the Stratus detonations to correlate the automated attacks with related telemetry in their backend systems. He’ll also describe how they packaged it for various security teams to review and verify in an XDR product. Lastly, you’ll learn about a homebrew behavior-driven testing tool that wraps Stratus for automated testing.