
You Can Now Test Your Microsoft Security Tools Against Known Threats

Microsoft has announced SimuLand, an open-source test lab that allows customers to test the company's security tools against cyberattacks.

May 21, 2021 Zachary Comeau


Investing in cybersecurity and implementing policies designed to help keep your organization safe from threat actors is one thing, but how do you know that your networks are truly safe?

Microsoft is attempting to answer that question by releasing SimuLand, an open-source initiative designed to help security researchers deploy lab environments to test and improve Microsoft’s cybersecurity tools against well-known attack techniques used in real scenarios.

According to a Microsoft blog, those lab environments will provide use cases from a variety of data sources, including telemetry from Microsoft 365 Defender security products, like Azure Defender and other integrated data sources through Azure Sentinel data connectors.

The company hopes SimuLand will help IT pros better understand cybercriminals and their tools, identify mitigations and attacker paths, expedite the design and deployment of threat research lab environments, stay current on the techniques and tools used by threat actors, document and share data to model and detect threats and tune detection capabilities accordingly.

Microsoft wants to have SimuLand integrated with threat research methodologies where dynamic analysis is applied to end-to-end scenarios, and it is designed to reuse and test combinations of attacker actions with different lab environment designs.

Simulations provided to the project are based on research and broken down into attacker actions mapped to the MITRE ATT&CK framework.

Simulation steps will then be mapped to detection queries and alerts from Microsoft 365 Defender security products, Azure Defender and Azure Sentinel.

According to the project’s GitHub repository, the only lab available allows organizations to “simulate an adversary stealing the AD FS token signing certification from an on-prem AD FS server in order to sign SAML token, impersonate a privileged user and collect mail data in a tenant via the Microsoft Graph API.”

Cybersecurity firm FireEye says that was one method that the actors behind the SolarWinds compromise used to bypass multi-factor authentication and access cloud services as any user at any time.

The company is calling for customers to share new scenarios and detection rules, and Microsoft plans on creating more scenarios and working on new features to improve the project, including:

  • A data model to document the simulation steps in a more organized and standardized way.
  • A CI/CD pipeline with Azure DevOps to deploy and maintain infrastructure.
  • Automation of attack actions in the cloud via Azure Functions.
  • Capabilities to export and share telemetry generated with the InfoSec community.
  • Microsoft Defender evaluation labs integration.

To contribute, you need a paid or trial version of Microsoft 365 E5 and an Azure tenant.
