Glossary of Terms

Adversary Emulation

An adversary emulation platform uses real-world threat intelligence to duplicate the exact tactics, techniques, behaviors, and procedures that a threat actor would use within an organization’s real environment. It tests a network’s resilience against sophisticated attackers and advanced persistent threats. The adversaries are threat groups with the intent, opportunity, and capability to harm their targets with continuous attacks.

Adversary emulation exercises are critical for red teams, because they enable the group to conduct their offense more effectively. Red teams can focus on real-world threats that could infiltrate the network, giving them guidelines and a roadmap to follow on their mission to defeat the blue team’s defenses.

Adversary emulation helps blue teams focus on remediation, concentrating their efforts where most needed. Adversary emulation exercises highlight security gaps, allowing a blue team to identify and fix the vulnerabilities with the greatest risk more quickly.

RidgeBot^® Adversary Cyber Emulation (ACE)

To measure security control effectiveness RidgeBot^® ACE software agents simulate real-world cyberattacks without impacting the organization’s IT environment.

Assessment Test Script – A group of scripted behaviors are carried out by RidgeBot® ACE to simulate a specific cyberattack or to validate the security controls.

Key Measurement Block Rate – The ratio of blocked scripts versus all assessment scripts executed during a RidgeBot^® ACE test.

Endpoint Security – Simulates the behavior of malicious software, or downloads malware signatures to validate the security controls of the target endpoints.

Data Exfiltration – Simulates the unauthorized movement of data from a server, e.g., personal, financial, and confidential data, software source codes, and more.

Active Directory Information Recon – Simulates an attacker to gather useful resources in Windows Active Directory for elevated privilege, persist, and plundering information.