Protected Theater Overview

The Mandiant Security Validation (MSV) and Mandiant Advantage Security Validation (MA-SV) Protected Theater (PT) is an isolated virtual environment that lets you safely test the efficacy of endpoint security controls against destructive behaviors. Each Protected Theater can host a single image, which uses an Actor License. After each test, the Protected Theater automatically reverts the Actor to the original state.

The environment consists of three main components:

  • Linux host running virtualization
    • Host logs and configuration are similar to those found on Network Actors
  • The Security Validation Virtual Network, used to isolate network connectivity
  • A Protected Actor
Figure: Overview of the PT environment & functionality

Protected Theaters are very useful to Security Operations Centers (SOCs). In many organizations, SOCs do not have visibility into how endpoint defenses are configured, so they may have a difficult time accurately determining whether their environment is protected from specific attacks. Having a PT configured with their gold image enables SOCs to quickly test their environment against actual malware to determine whether the defenses are configured to detect and block the threat at the endpoint. The information obtained by running the tests helps them configure and tune rules for their SIEM and the security technologies used to protect their environments.

  • June 5, 2022
  • April 9, 2024