2021-10-30T06:49:00Z

How do you use the MITRE ATT&CK framework for improving enterprise security?

EB
  • 6
  • 214
PeerSpot user
4

4 Answers

Aaron Branson - PeerSpot reviewer
Real User
Top 5
2023-06-21T18:22:19Z
Jun 21, 2023

The MITRE ATT&CK framework is a very powerful addition to your SecOps in the area of Threat Detection & Incident Response (TDIR). Why? Cyber attacks are constantly evolving and becoming more complex. Developed by MITRE, the ATT&CK® framework is a public knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK, (which stands for Adversarial Tactics, Techniques, & Common Knowledge), enables security defenders to block tactics with more rapid response and accurate remediation. So, how do you leverage this? Most commonly, your detection platform (i.e. MDR, SIEM, SOC platform... whatever you prefer to call it) will integrate MITRE ATT&CK to provide a single-point-of-visibility and simplify threat hunting. This allows automatic detection of Indicators of Attack (IoAs) and thus allows you to respond quickly and effectively. This empowers your platform AND your people to stop sifting through false positives to find the proverbial "needle in the haystack". Some more information on how you should integrate MITRE ATT&CK can be found here > https://www.netsurion.com/capa...

Search for a product comparison in Intrusion Detection and Prevention Software (IDPS)
JB
Real User
Top 5
2023-03-02T15:31:43Z
Mar 2, 2023

In modern SIEMs like Devo, you can use MITRE ATT&CK mappings to measure your security posture against risk techniques and tactics. You can monitor both your log coverage by category, to ensure you have the correct log sources integrated, as well as your alerting coverage. This will give you an illustrative map of which techniques and tactics you are defending against effectively. Further, when new alerts or investigations are triaged you can use the framework to guide your research to ensure you've not missed an adversaries movement. Overall, it will strengthen your security posture by closing gaps in your defenses. CISA just released a free self-hosted website that can help your teams map to MITRE using step-by-step questions to help analysts and engineers determine the ATT&CK path called DECIDER https://github.com/cisagov/Dec...

VG
Real User
Top 5Leaderboard
2022-08-11T09:20:56Z
Aug 11, 2022

MITRE ATT&CK framework provides different attack patterns. While the main website has lot of information, microsoft wrote this blog to share details on how Azure maps to this framework. This is excellent read.


MITRE ATT&CK® mappings released for built-in Azure security controls - Microsoft Security Blog

Jairo Willian Pereira - PeerSpot reviewer
Real User
Top 5
2021-11-22T21:25:38Z
Nov 22, 2021

You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri...


For example, you can transport one internal/specific problem/vulnerability of your environment to matrix and check/validate, possibilities and threats, based on your topologies and tools, maybe be a future real threat. 


It's can help you to "prioritize and categorize" your issues.

Find out what your peers are saying about Darktrace, Vectra AI, Check Point Software Technologies and others in Intrusion Detection and Prevention Software (IDPS). Updated: February 2024.
763,955 professionals have used our research since 2012.
Intrusion Detection and Prevention Software (IDPS)
What Is an Intrusion Detection System? Intrusion detection systems (IDSes) analyze network traffic for signatures of known attackers. The systems can be hardware devices or software solutions. An IDS can mitigate existing malware, such as backdoors, rootkits, and trojans.The goal of an intrusion detection system is to detect an attack as it occurs. The system starts by analyzing inbound and outbound network traffic for signs of known attackers. Some activities an IDS performs...
Download Intrusion Detection and Prevention Software (IDPS) ReportRead more