One Article Review

Home - The article:
Source AlienVault Blog
Identifier 830616
Publication date 2018-10-04 15:20:00 (viewed: 2018-10-04 23:00:59)
Title Top Five MITRE ATT&CK Framework Use Cases
Text
What is the MITRE ATT&CK?

The MITRE ATT&CK framework is abuzz in the cybersecurity industry lately, and its utility has a lot of professionals excited. The ATT&CK framework's predecessor was the Cyber Kill Chain developed by Lockheed-Martin in 2011. ATT&CK incorporates what MITRE calls Tactics and Techniques to describe adversarial actions and behaviors. Techniques are specific actions an attacker might take, and tactics are phases of attacker behavior.

At Threatcare, we've watched the steady adoption of the ATT&CK framework over the years. We've also seen innovative cybersecurity professionals use the framework in ways that have surprised the MITRE team. ATT&CK incorporates the 11 Tactics listed below, and each Tactic has numerous Techniques.

MITRE ATT&CK Tactics:
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Exfiltration
- Command and Control

Top Five Use Cases (in no particular order)

- Red Team
There have been several attempts to standardize Red Team tactics and techniques for years. The ATT&CK framework doesn't address everything a red team should do, but it is a major step in the right direction. The framework has standardized the terminology used among Red Teamers, helping make Red Teams more effective, especially across large organizations. Red teams also have the ability to carry out real-world scenarios using ATT&CK as a guide, making both training and operations more effective.

- Blue Team
On the defense side of the house, the ATT&CK framework helps Blue Teams better understand what attackers are doing in a concise, comprehensive way. This allows them to better determine what mitigation to put in place on the network. And, as with Red Teams, ATT&CK can act as a standardized method for training.

- Vendor Bake-Offs
Until recently, there wasn't a standardized way to evaluate security products. Now, with ATT&CK, organizations can test security products in a structured, methodical way. Additionally, certain products are aligned to the ATT&CK Tactics, giving organizations visibility into potential overspending on products that have the same basic functionality. For instance, DLP should prevent Exfiltration Tactics, and Proxies should prevent Delivery Tactics. But do they successfully do this? And which vendor does it better?

- Breach and Attack Simulation (BAS)
If you're not familiar with BAS, check out a primer on it here. Although BAS is a new category of cybersecurity tools, the ATT&CK framework has validated its need. Similarly to the vendor bake-offs mentioned above, MITRE ATT&CK can help your organization determine which BAS tool to implement. At Threatcare, we've built ATT&CK Tactics and Techniques into our products and have been working closely with their team to ensure alignment. Learn more about Threatcare here.

- Remediation of Security Gaps
Given all of the above information, it should hopefully come as no surprise that your organization can build a solid understanding of how it can detect and defend its networks by comprehensively testing against the ATT&CK Tactics and Techniques. More insight into attacker behavior means better remediation of gaps and operational capabilities.

Conclus
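An added example, not from the AlienVault post or from Threatcare, of the product-to-tactic alignment the Vendor Bake-Offs section describes: a small Python check over an assumed, constructed control inventory that reports which of the eleven tactics above no control claims to address (a gap) and which several controls claim (candidates for a bake-off rather than a second purchase). The product names and their claimed tactics are assumptions for illustration only.

```python
from collections import defaultdict

# The eleven tactics listed in the article, in the article's order.
TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Exfiltration", "Command and Control",
]

# Constructed example inventory (assumption): control -> tactics it claims to
# address. A real inventory would come from each vendor's ATT&CK alignment
# and from testing the product against those tactics, as the article suggests.
INVENTORY = {
    "DLP": {"Exfiltration", "Collection"},
    "Web proxy": {"Initial Access", "Command and Control"},
    "EDR": {"Execution", "Persistence", "Defense Evasion", "Credential Access",
            "Discovery", "Lateral Movement", "Command and Control"},
    "NGFW": {"Command and Control", "Initial Access"},
}


def coverage_by_tactic(inventory, tactics=TACTICS):
    """Map every tactic to the sorted controls claiming to cover it.

    A claimed tactic that is not in the ATT&CK list raises ValueError, so a
    typo in the inventory surfaces instead of silently becoming a 'gap'."""
    known = set(tactics)
    cover = defaultdict(list)
    for product, claimed in inventory.items():
        unknown = claimed - known
        if unknown:
            raise ValueError(f"{product}: unknown tactic(s) {sorted(unknown)}")
        for tactic in claimed:
            cover[tactic].append(product)
    return {t: sorted(cover.get(t, [])) for t in tactics}


def gaps(cover):
    """Tactics that no control in the inventory claims to address."""
    return [t for t, products in cover.items() if not products]


def overlaps(cover, min_products=2):
    """Tactics claimed by several controls: the bake-off candidates."""
    return {t: p for t, p in cover.items() if len(p) >= min_products}


if __name__ == "__main__":
    cov = coverage_by_tactic(INVENTORY)
    for tactic in TACTICS:
        print(f"{tactic:22s} {', '.join(cov[tactic]) or '-- GAP --'}")
    print("gaps:", gaps(cov))
    print("overlaps:", overlaps(cov))
```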
Sent Yes
Tags Tool


The article does not seem to have been picked up after its publication.


The article does not seem to have been taken from an earlier one.