By Light Professional IT Services LLC and the intelligence-led security company, FireEye, Inc. (NASDAQ: FEYE) today announced the integration of Mandiant® Threat Intelligence within By Light’s Cyberoperations Enhanced Network and Training Simulators (CENTS®). The merged capabilities provide a unique platform to train defensive cyberspace operators against the most relevant malware tools threatening Department of Defense (DoD) networks today.
As today’s cyberspace landscape features an increasing number of well-funded, highly organized, and complex adversaries, the use of real-world threat intelligence in training and exercises has become crucial to defending effectively against cyberspace attacks. Industry-leading Mandiant Threat Intelligence from FireEye provides Cyber Protection Teams (CPTs) an opportunity to experience how these adversaries operate. Furthermore, DoD opposing forces (OPFOR) can customize their attacks to provide the most complete and responsive training scenario available to the defenders. By delivering captured and repurposed malware in the CENTS® range environment – either on command or automated – the OPFOR can emulate malicious actors’ tactics, techniques, and procedures (TTPs).
“Through this integration with By Light, we are giving highly skilled outfits such as the U.S. Cyber Mission Forces (CMF) access to the tailored, proprietary data and intelligence they need to rapidly develop and deploy advanced capabilities,” said Ron Bushar, CTO of Government Solutions at FireEye. “Within the custom command and control Mandiant Cyber Operations Platform (MCOP), teams can repurpose the very APT payloads to train the CMF in defensive cyberspace operations (DCO), alongside a Mandiant specialist, and supported by our FireEye Labs Advanced Reverse Engineering (FLARE) team. The realism and training impact behind these attack scenarios is truly unmatched.”
“By Light’s expanded relationship with FireEye underlines our commitment to increasing the realism and training opportunities of the range environment,” said Tim Grattan, Senior Vice President, Cyberspace Operations, By Light Professional IT Services LLC. “Integrating best-in-breed Mandiant Threat Intelligence into CENTS® allows us to better prepare CPTs, local cyberspace defenders, and students to detect and respond to these attacks.”
Within CENTS®, an attack is based on a real-world threat actor or group (e.g., APT3, APT10, Emotet) and uses captured malware to emulate the specific threat. To support collective training events and exercises, these attacks are enriched with Mandiant Threat Intelligence and occur as part of multiphase plans that form the basis for adversary campaigns against U.S. networks and infrastructure. By Light and FireEye further contextualize the threat activity by coupling the attacks with enemy objectives and success criteria. All malware is contained within the safety of a cyberspace range customized by the user to reflect the operational environment.
By Light customers can use APT cyberspace attacks on the CENTS® platform for a variety of training purposes:
- Observe Attacks: CENTS® users can launch an attack to test sensor detection capabilities, rehearse incident response actions, and identify indications and warnings associated with an attack.
- Evolution of Threat: CENTS® allows users to modify the training environment and vary existing attacks to study the APT’s tradecraft and likely courses of action.
- Mission Rehearsal: Range builders using CENTS® can overlay various APT attack plans to teach, train, and assess cyberspace professionals using the threat actor’s TTPs and to prepare them for upcoming missions.
- Operational Technology (OT) and Industrial Control Systems (ICS): CENTS® begins at Layer 2 and enables IP addressable mission systems and ICS to be added on the fly. Extend the range with unit kits or OT networks to test mission systems and defend ICS.
About the By Light CENTS® Platform
By Light’s CENTS® platform delivers an integrated Live-Virtual-Constructive (LVC) range environment for demonstration, training, exercise, tool development, and testing full-spectrum cyberspace capabilities. In addition to the FireEye cyberspace attacks, CENTS® features dynamic traffic flows, customizable protocols, social media services, multi-layer websites, and real-world geo-IP addressing. The range executes in automated or manual mode, and it can be reconstituted within minutes. To learn more about By Light’s CENTS® platform, visit: https://cybercents.com/
About the Mandiant Cyber Operations Platform
The MCOP is an industry-leading platform for enhanced network defense, security testing, cyber exercises, and Red Team tool kit. Cyber security professionals require a rapid deployment framework to conduct attacks with TTPs more closely aligned with that of specific APTs or unknown cyber clusters. With the MCOP, cyber professionals are able to use proprietary intelligence, data, and software to better replicate adversary attacks and improve their ability to stay proactive on enemy cyber network exploitation (CNE) TTPs.
About By Light Professional IT Services LLC
By Light Professional IT Services LLC, headquartered in McLean, VA, is an ISO 9001, 20000-1, and 27001 certified and CMMI-DEV L3 rated systems integrator that provides secure turn-key systems by incorporating exceptional engineering, project management, telecommunications, and cyber capabilities to safeguard mission success. Founded by industry professionals with extensive knowledge in Department of Defense and Federal agencies, By Light successfully implements technical solutions that integrate best commercial practices for government, commercial, and international customers. For more please visit www.bylight.com.
About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber-attacks. FireEye has over 9,000 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
FireEye and Mandiant are registered trademarks or trademarks of FireEye, Inc., in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.