One Article Review

Home - The article:
Source Anomali
Identifier 3057628
Publication date 2021-07-13 15:00:00 (viewed: 2021-07-13 15:05:25)
Title Cyber Threat Intelligence Combined with MITRE ATT&CK Provides Strategic Advantage over Cyber Threats
Text Many security executives have fundamental familiarity with the MITRE ATT&CK framework, although most perceive it within a narrow set of use cases specific to deeply technical cyber threat intelligence (CTI) analysts. The truth, though, is that when it is integrated into overall security operations, it can produce profound security and risk benefits.

What is MITRE ATT&CK?

MITRE ATT&CK serves as a global knowledge base for understanding threats across their entire lifecycle. The framework’s differentiator is its focus on the tactics, techniques, and procedures (TTPs) that threats use to operate in the real world, rather than only on typical indicators such as IP addresses, file hashes, and registry keys. MITRE ATT&CK offers a rigorous and holistic method for understanding the types of adversaries operating in the wild and their most observed behaviors, and for defining and classifying those behaviors with a common taxonomy. This advantage brings a much-needed level of organization to the chaotic threat landscape organizations face.

MITRE ATT&CK has practical applications across a range of security functions when security tooling and processes are mapped to it. By characterizing threats and their TTPs in a standardized way and visualizing them through the MITRE ATT&CK matrix, the framework makes it easier for security leaders and their direct reports to determine and communicate the highest-priority threats they face and to take more sweeping, strategic actions to mitigate them.

In the Weeds? Yes and No

At first glance, MITRE ATT&CK can be intimidating. It may even seem too technically in the weeds for executives who are grappling with leadership-level security concerns. However, the truth is that MITRE ATT&CK holds tremendous strategic potential. It can also help accelerate the cybersecurity maturation process. The framework undoubtedly helps security practitioners with their day-to-day technical analysis, making them better at their jobs.

However, when used to its full potential, MITRE ATT&CK can help security executives gain better value from existing technologies, including threat intelligence platforms (TIPs), SIEMs, and other security analytics tools. More importantly, it helps establish strategic visibility into gaps in controls, making it easier to prioritize security investments in people, processes, services, and solutions. CISOs and other security executives could almost think of it as a tool that automates the creation of a roadmap, showing them precisely where the onramps for threats are located in their networks and what vehicles adversaries are using to enter. Let’s take a closer look at how MITRE ATT&CK works and why those in charge of security shouldn’t wait to adopt it into their strategic arsenals.

Programmatic Benefits

Having established that MITRE ATT&CK provides value to security leaders, let’s consider a few of the genuine benefits it delivers, because it isn’t just in the day-to-day minutiae of security operations where MITRE ATT&CK shines.

Overlay. When an organization overlays its existing security posture and controls on top of MITRE ATT&CK-contextualized CTI, it becomes much easier to identify the riskiest control gaps present in the security ecosystem.

Productivity. When looking at workflows and the teams available to respond to the MITRE ATT&CK-delineated TTPs most likely to target the organization, leaders can more easily identify at-risk talent and process gaps and then take steps to better address both.

Prioritization. As security leaders go through their regularly scheduled validation of security coverage, they should leverage their CTI to identify the most common TTPs relevant to their environments. MITRE ATT&CK can crisply articulate this. With an understanding of where their biggest risks reside, executiv
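The overlay and prioritization steps described above, as an added Python example that is not code from the Anomali article: it scores constructed CTI (technique IDs observed per adversary) against a constructed control-coverage map and ranks the techniques with the largest coverage gaps, which is the "riskiest control gaps" view the text refers to. The adversary reports, the control map and the 0/0.5/1.0 coverage weights are assumptions made for the example; only the technique identifiers and names are real ATT&CK entries.

```python
"""Overlay ATT&CK-contextualized CTI on a control coverage map and rank gaps.

Added example (not code from the article). All reports, controls and
weights below are constructed; the technique IDs are real ATT&CK IDs.
"""
from collections import Counter

# Constructed CTI: each report names an adversary and the ATT&CK techniques
# it was observed using. Real CTI would come from a TIP or vendor feed.
CTI_REPORTS = [
    {"adversary": "group-a", "techniques": ["T1566", "T1059", "T1078", "T1486"]},
    {"adversary": "group-b", "techniques": ["T1566", "T1059", "T1003", "T1021"]},
    {"adversary": "group-c", "techniques": ["T1078", "T1021", "T1486"]},
]

# Human-readable technique names (real ATT&CK names for the IDs above).
TECHNIQUE_NAMES = {
    "T1566": "Phishing",
    "T1059": "Command and Scripting Interpreter",
    "T1078": "Valid Accounts",
    "T1486": "Data Encrypted for Impact",
    "T1003": "OS Credential Dumping",
    "T1021": "Remote Services",
}

# Constructed control map: which techniques the organization can prevent
# and/or detect today. A technique absent from the map has no control at all.
CONTROLS = {
    "T1566": {"prevent": True, "detect": True},
    "T1059": {"prevent": False, "detect": True},
    "T1078": {"prevent": False, "detect": False},
    "T1486": {"prevent": False, "detect": True},
    "T1003": {"prevent": True, "detect": False},
}


def technique_prevalence(reports):
    """Count how many distinct adversaries were observed using each technique."""
    counts = Counter()
    for report in reports:
        for technique in set(report["techniques"]):
            counts[technique] += 1
    return counts


def coverage_score(control):
    """Map a control entry to 0.0 (none), 0.5 (prevent or detect), 1.0 (both).

    The weights are an assumption for this example; a real program would
    score each control's measured efficacy rather than a boolean.
    """
    if not control:
        return 0.0
    prevent = 0.5 if control.get("prevent") else 0.0
    detect = 0.5 if control.get("detect") else 0.0
    return prevent + detect


def adversaries_using(technique, reports):
    """Return the sorted adversaries whose reports include the technique."""
    return sorted(r["adversary"] for r in reports if technique in r["techniques"])


def rank_gaps(reports, controls):
    """Overlay: gap = prevalence * (1 - coverage), ranked largest first.

    Ties are broken by technique ID so the output is deterministic.
    """
    prevalence = technique_prevalence(reports)
    rows = []
    for technique, seen_by in prevalence.items():
        coverage = coverage_score(controls.get(technique))
        rows.append({
            "technique": technique,
            "name": TECHNIQUE_NAMES.get(technique, "unknown"),
            "prevalence": seen_by,
            "coverage": coverage,
            "gap": seen_by * (1.0 - coverage),
            "adversaries": adversaries_using(technique, reports),
        })
    return sorted(rows, key=lambda r: (-r["gap"], r["technique"]))


if __name__ == "__main__":
    print(f"{'technique':<10}{'gap':>6}{'seen':>6}{'cov':>6}  name / adversaries")
    for row in rank_gaps(CTI_REPORTS, CONTROLS):
        print(f"{row['technique']:<10}{row['gap']:>6.1f}{row['prevalence']:>6}"
              f"{row['coverage']:>6.1f}  {row['name']} / {', '.join(row['adversaries'])}")
```

Run as a script, the table lists Remote Services and Valid Accounts first: both are used by two of the three tracked adversaries and have no prevention or detection mapped, which is the prioritization signal the article describes. In practice the coverage map would be populated from the organization's detection-engineering inventory and the reports from its TIP, and the boolean coverage flags would be replaced with measured efficacy.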
Sent Yes
Tags Tool Threat Guideline


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repost of an earlier one.