The best defense is a good offense. And vice versa. That’s the basic idea behind Research, Intelligence and Offensive Tactics (RIOT) Labs, BTB Security’s dedicated deep-security research and threat intelligence team.
The labs grew out of a communications feedback loop that developed organically between BTB’s penetration testers and its Rapid Advanced Detection and Response (RADAR) managed service. “We’ve always differentiated ourselves by approaching security from the hacker’s perspective,” says Ron Schlecht Jr., BTB’s managing partner. When pen testers discovered a new exploit, they would approach the RADAR team and ask how it would protect clients from that specific type of attack. On the flip side, the RADAR team would develop new ways of monitoring and add new things it could detect, then would challenge the pen testers to try to get past them.
“It was a cat-and-mouse game,” says Schlecht. “We were constantly stress testing our own company.”
Ultimately, BTB formalized the process, creating a special team of security and penetration testers, incident responders, forensic investigators, malware analysts, researchers, and developers to maintain communications and provide additional research. It’s a division that’s now known as RIOT Labs. As RADAR detects new kinds of hacker activity and potential attacks, it sends that information to RIOT Labs, where they enhance the information and feed it to the pen testers to use offensively. When the pen testers take advantage of new exploits and vulnerabilities, RIOT Labs makes sure that information gets sent to RADAR so detection rules and methods can be updated.
“It’s like having a football team’s first-string defense playing against its first-string offense all the time,” says Schlecht. “We continually try to outplay each other, which makes both services better.”
At the same time, the Labs staff is studying attackers’ methods, tools and exploits and performing deep research and monitoring the dark web, to identify new dangers. For example, the Labs first saw Eternal Blue – a tool leaked or stolen from the U.S. National Security Agency – as hackers dumped it onto the dark web, well before it made it into the news headlines. RIOT immediately alerted BTB pen testers so they could examine the tool to see how it might be used to attack clients. Meanwhile, RADAR worked to determine how to detect it and RIOT was figuring out how to best defend against it, says Schlecht.
Other security vendors may have research teams, but most tend to be reactive and more focused on the defensive part of the equation. Rarely are they trying to hack into networks and systems. BTB’s approach is more practical and balanced, proactively identifying new tactics, new vulnerabilities and new exploits, which translates into better and more thorough detection and protection against the latest threats.
For more information on how BTB Security can help your organization to stay better protected against security threats, visit us at www.btbsecurity.com.