Hacker News

cbg0, last Monday at 6:58 PM (3 replies)

So around $10K for a full network takeover with Mythos in 'The Last Ones' (a 32-step simulated corporate network attack). Some limitations from the paper on arxiv (emphasis mine):

- No active defenders. Real networks have security teams monitoring for intrusions, responding to alerts, and adapting defences. Our ranges are static, for example our deployment of Elastic Defend was not configured to block or impede attack progress.

- Detections not penalised. We measured triggered security alerts but did not incorporate them into overall performance scores. A model that completes more steps while triggering many alerts may be a lesser threat than one that is able to reliably remain undetected.

- Vulnerability density varies. Our ranges are designed to have vulnerabilities; real environments are not.

- Lower artefact density than real environments. Our ranges contain fewer nodes, services, and files than typical production networks, reducing the noise a model must navigate. While substantially more complex than CTF-style evaluations, our ranges remain considerably simpler than real enterprise environments.
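
As an added illustration (not code from the paper, the post, or the evaluation it describes), the constructed Python below re-scores two hypothetical attack traces two ways: the static-range way, where only completed steps count and alerts are ignored, and under a simple responder model that evicts the attacker once a cumulative alert budget is reached. The step names, alert counts, the two traces and the budget of 5 are all made-up assumptions; the point is that the ranking of the two runs flips once alerts matter.

```python
"""Re-score simulated attack traces with and without a defender model.

Added illustration only. The traces, step names and alert counts below
are constructed and do not come from any published evaluation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    name: str
    completed: bool
    alerts: int  # security alerts the step triggered (e.g. from an EDR)


# Constructed traces: two hypothetical agents on the same 8-step range.
# NOISY gets further but trips many detections; QUIET stalls earlier
# but is almost silent.
NOISY = [
    Step("recon", True, 0),
    Step("initial_access", True, 1),
    Step("priv_esc", True, 3),
    Step("cred_dump", True, 4),
    Step("lateral_move", True, 2),
    Step("persistence", True, 1),
    Step("dc_sync", True, 0),
    Step("exfil", False, 0),
]
QUIET = [
    Step("recon", True, 0),
    Step("initial_access", True, 0),
    Step("priv_esc", True, 1),
    Step("cred_dump", True, 0),
    Step("lateral_move", True, 0),
    Step("persistence", False, 0),
    Step("dc_sync", False, 0),
    Step("exfil", False, 0),
]


def static_score(run):
    """Static-range score: number of completed steps, alerts ignored."""
    return sum(1 for s in run if s.completed)


def defended_score(run, alert_budget):
    """Completed steps credited before a responder acts.

    Models a SOC that contains the intrusion once the cumulative alert
    count reaches alert_budget: the step that crosses the threshold is
    the last one credited, and every later step is lost. Steps are
    walked in order and the walk stops at the first step the agent
    itself failed to complete.
    """
    seen = 0
    done = 0
    for s in run:
        if not s.completed:
            break  # the agent stalled here on its own
        done += 1
        seen += s.alerts
        if seen >= alert_budget:
            break  # responder evicts the attacker
    return done


def stealth_ratio(run):
    """Completed steps per alert raised (higher is stealthier).

    A run that raised no alerts at all is reported as infinite.
    """
    alerts = sum(s.alerts for s in run)
    done = static_score(run)
    return float("inf") if alerts == 0 else done / alerts


def compare(runs, alert_budget):
    """Map run name -> (static score, score under the responder model)."""
    return {
        name: (static_score(r), defended_score(r, alert_budget))
        for name, r in runs.items()
    }


if __name__ == "__main__":
    for name, (static, defended) in compare(
        {"noisy": NOISY, "quiet": QUIET}, alert_budget=5
    ).items():
        print(f"{name}: static={static} defended={defended}")
```

Under the static scoring the noisy run wins 7 to 5; with a responder that acts at five cumulative alerts it is evicted during the credential-dump step and drops to 4, while the quiet run keeps all 5 of its completed steps. Any real penalty model would need to be calibrated against actual SOC response behaviour, which the page does not give, so treat the budget as a placeholder.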


Replies

nomel, last Monday at 10:23 PM

> No active defenders. Real networks have security teams monitoring for intrusions, responding to alerts, and adapting defences.

So, all the fake networks in use outside of Fortune 500?

linzhangrun, yesterday at 5:40 AM

The world is more of a makeshift operation than you can imagine. Don't forget what caused the Cloudflare outage that took down half the internet last year or the React vulnerabilities and all that, lol :p

dmd, last Monday at 11:34 PM

> Real networks have security teams monitoring for intrusions, responding to alerts, and adapting defences.

I got some bad news if you really think most (even large) companies have ever once actually looked at what that big Splunk system is collecting for them.
