ATT&CK security posture challenges and enhance threat intelligence

Posted by Devin McQuiggin on August 6, 2019

Businesses struggle to keep up with evolving cybersecurity threats. Luckily, MITRE's ATT&CK tool is available to help elevate security posture—and it's FREE and open to everyone.

Since 2013, the MITRE Corporation's ATT&CK tool has helped both IT solution providers and CISOs share knowledge on emerging cyber threat tactics and techniques. The tool was created to help develop threat models and methodologies with the goal of improving security posture and awareness.

At Centre’s core, we strive to do things the right way. That requires utilizing and socializing vetted tools that provide the best service possible to our partners.

—Information Security Analyst for Centre Premier™

 

What is ATT&CK?

Threat intelligence is a key asset for Chief Information Security Officers (CISOs) to evaluate controls, improve security posture, and prevent or mitigate cyberattacks. Adversarial Tactics, Techniques, & Common Knowledge (ATT&CK) became a collaborative threat intelligence knowledge base for security professionals across the globe, receiving regular review and updates from multiple sources. ATT&CK helps defenders understand an adversary’s perspective while providing empirical use examples and mitigation strategies.

 

How can using ATT&CK help?

ATT&CK has many beneficial use cases that help CISOs improve or modify their defensive measures for the evolving cybersecurity threat landscape, including:

  • Adversary Emulation – “Create adversary emulation scenarios to test and verify defenses against common adversary techniques.” [2]
  • Red Teaming – “Create red team plans and organize operations to avoid certain defensive measures that may be in place within a network.” [2]
  • Behavioral Analytics Development – “Construct and test behavioral analytics to detect adversarial behavior within an environment.” [2]
  • Defensive Gap Assessment – “Used as a common behavior-focused adversary model to assess tools.” [2]
  • SOC Maturity Assessment – “One measurement to determine how effective a SOC is at detecting, analyzing, and responding to intrusions.” [2]
  • Cyber Threat Intelligence Enrichment – “Useful for understanding and documenting adversary group profiles from a behavioral perspective that is agnostic of the tools the group may use.” [2]

 

Is ATT&CK enough?

Is any resource alone enough? No. In a perfect world, one tool would be enough to help any CISO secure their environment, but unfortunately we need all the help we can get. ATT&CK should be viewed as a supplementary tool to be used in parallel with other threat intelligence resources.

Are you lacking the technical support equipped with the tools and knowledge to protect your data? Seek a trusted IT solutions provider that knows how to fight off threats to your infrastructure. This is one of the many resource tools used by our many security solutions and partners at Centre Technologies. Learn more about advancing your cybersecurity with Centre Premier™ Business Solutions.

 


References:

  1. https://attack.mitre.org/matrices/enterprise/
  2. https://www.mitre.org/sites/default/files/publications/pr-18-0944-11-mitre-attack-design-and-philosophy.pdf
