This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Mandiant Security Validation utilizes an isolated virtual environment called Protected Theater to allow you to safely test the efficacy of endpoint security controls against destructive behaviors. In this section, we will walk you through the process of deploying and utilizing the Protected Theater.
Prerequisites
Administrative access to MSV Director.
Actions
Deploy Protected Theater
In this action, we will walk you through all of the decisions and steps necessary to deploy a Protected Theater.
See the Relevant Links section for more documentation regarding the prerequisites.
Administrative access to MSV Director.
Administrative access to VMware vSphere.
Static IP Address for the Protected Theater.
Steps
Confirm that the hardware meets specifications in linked documenation. | Docs
Confirm that nested virtualization is enabled for the Protected Theater VM. See linked VMware documentation for more information. | Docs
Review additional information in the linked documenation to ensure that all SSL certificates and protected artifacts and services have been configured properly. | Docs
Deploy the Protected Theater using OVA, see linked documentation. | Docs
Register the Protected Theater with the Director, see linked documentation. | Docs
Configure the customer Gold Image, see linked documentation. | Docs
Import the customer gold image into the Protected Theater, see linked documentation. | Docs
Protected Theater is an extremely powerful tool to test the efficacy of your security controls. In this section, we will walk you through uploading files to the endpoint file library, connecting to the Protected Theater using VNC or Console, and finally, creating a Protected Theater Action.
See the Relevant Links section for more documentation regarding the prerequisites.
Administrative access to MSV Director.
Deployed Protected Theater.
Steps
In order to upload files to the Endpoint Files Library, you'll need to navigate to the Director and sign-in.
Select Library > Endpoint Files.
Click Add File and select the file you want to upload.
Add a description of the file.
Select the lowest User Group that should have access to the file.
Click Submit.
To connect to the Protected Theater over Console, you will need to navigate to the Director and sign-in. Then click Environment > Protected Theaters.
Click Edit next to the Protected Actor.
Click Launch Console.
Protected Theater Actions are a special type of Host CLI Action that includes destructive behaviors. Ensure that you've already added the file to the File Library, if your action will utilize a file.
Approve the file or have your Security Validation admin approve the file.
Ransomware Defense Validation (RDV) is available for Mandiant Security Validation customers. It delivers a "low touch", safe, and continuous test of whether your security controls can prevent the latest ransomware.