Security teams as well as incident response teams must evolve to stay ahead of attack groups and their latest threats, but in recent years this has become more difficult to achieve. Attackers continue to advance and use sophisticated techniques to infiltrate government and private sector systems. They spend a significant amount of time and resources conducting research to learn about the sector they want to infiltrate. They use this knowledge to develop techniques specifically designed to bypass commonly used security tools. Tools, Tactics, and Procedures (TTP) are the ways that attackers work to breach, exploit, and compromise organizations. In recent years, attacking TTPs has become more sophisticated, mimicking normal user behavior, making them very difficult to detect through perimeter-based preventative security controls and the behaviors of each endpoint.

Companies invest large amounts of money to find solutions that help solve this problem. rThreat follows this flow of analysis that helps to evaluate, in a pragmatic way, the effectiveness of this investment:

rThreat is powered by advanced known and unknown threats from the execution of artifacts that are similar to TTPs. By properly reporting to the orchestrator, it’s possible to measure the different cybersecurity systems that the different vendors protect.