
Adversarial Modeling: Giving the Defense an Unfair Advantage

In any organized sport, getting your hands on a competitor’s playbook would definitely be an unfair advantage. Being able to study another team’s game plan would make it pretty easy to see early signals about what play they’re going to run, and when. It would create a huge disadvantage for any team on the attack and it’s why rules against this sort of foul play are strictly enforced.

But when it comes to cybersecurity, there are no rules. Attackers will try anything and everything to accomplish their objective, so it’s time to give the defenders the upper hand. And that’s exactly what we’re doing with new enhancements to the Awake Security Platform announced today.

With a new capability in the Awake platform called Adversarial Modeling™, we’re giving defenders access to a massive “playbook” of the different tactics, techniques, and procedures (TTPs) that attackers use. Awake researchers continuously add models as threats evolve and security teams can customize these models or add their own in order to best defend their unique environments.

For instance, one of our customers is expectedly very concerned about unauthorized access to sensitive data. They have strong controls in place to monitor access to such data from traditional IT assets. But especially in light of reports discussing the abuse of IoT devices, they specifically wanted to make sure they could identify if any “unmanaged” devices were attempting access. With Adversarial Modeling, they were able to define a model that looked for just that, using a set of building blocks based on device types, protocols, rarity in the environment, etc.
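As an added illustration, not Awake's own code or model, here is a small Python rule over constructed flow records that combines the building blocks named above: device type from an asset inventory, protocol, and protocol rarity in the environment. The inventory, sensitive-host list and flows are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample data (not real customer data, not Awake's model):
# a tiny asset inventory, the hosts that hold sensitive data, and the
# protocols normally used to reach them.
MANAGED_DEVICES = {"ws-1042": "workstation", "srv-db-01": "server"}
SENSITIVE_HOSTS = {"srv-db-01"}
ALLOWED_PROTOCOLS = {"tls", "mssql"}

# Constructed flow records: (source device, destination host, protocol)
FLOWS = [
    ("ws-1042", "srv-db-01", "mssql"),
    ("ws-1042", "srv-db-01", "mssql"),
    ("ws-1042", "srv-db-01", "mssql"),
    ("cam-lobby-3", "srv-db-01", "smb"),   # a camera reaching a database host
    ("cam-lobby-3", "ntp.example", "ntp"),
]

@dataclass
class Finding:
    device: str
    host: str
    protocol: str
    reasons: list

def protocol_rarity(flows):
    """Fraction of all flows using each protocol; low values mean rare."""
    counts = Counter(proto for _, _, proto in flows)
    total = sum(counts.values())
    return {p: c / total for p, c in counts.items()}

def unmanaged_access_model(flows, managed=MANAGED_DEVICES,
                           sensitive=SENSITIVE_HOSTS,
                           allowed=ALLOWED_PROTOCOLS, rare_below=0.25):
    """Raise a finding only when an unmanaged device touches a sensitive
    host; protocol and rarity blocks then add context to the finding."""
    rarity = protocol_rarity(flows)
    findings = []
    for device, host, proto in flows:
        if device in managed or host not in sensitive:
            continue
        reasons = ["unmanaged device", "sensitive destination"]
        if proto not in allowed:
            reasons.append(f"unexpected protocol {proto}")
        if rarity[proto] < rare_below:
            reasons.append(f"rare protocol in environment ({rarity[proto]:.0%})")
        findings.append(Finding(device, host, proto, reasons))
    return findings
```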


This customer and others are excited about this capability because they are empowered to compose their own adversarial models from a set of discrete “skills” without needing an army of expert threat hunters, data scientists and network protocol gurus.

And why stop there? With knowledge about attacker TTPs modeled and stored, the Awake Security Platform autonomously hunts for them and helps security teams see and defend against attacks before it’s too late.

To perhaps state the obvious, this approach is effective because it’s hard for attackers to change their TTPs. Once they learn a new attack method, they tend to stick with it for an extended period. They’ll change only small components, like the domains or email addresses they use, as an effective way to circumvent traditional security tools. But Adversarial Modeling puts a stop to that. It makes life easier for security teams and much more difficult for attackers, who can no longer evade detection simply by changing their indicators of compromise.

This is just one of the innovations in the latest version of the Awake Security Platform. Additional features include new capabilities for autonomous triage and response that rely on Ava – Awake’s security expert system – to augment weak signals with intelligence similar to that of a human expert and more effectively identify real threats, without contributing to alert fatigue. In addition, a new integration with SentinelOne creates a more cohesive security posture between network and endpoint protection, and expanded cloud capabilities seamlessly provide 360-degree detection and response for an organization’s full potential attack surface, including cloud workloads and applications.

To learn more about the new capabilities, read today’s press release or contact us directly to learn how the Awake platform can fit into your environment and make your organization more secure.

Rajdeep Wadhwa

VP, Product Management