2021-10-30T06:49:00Z
EB
Director of Community at PeerSpot (formerly IT Central Station)
  • 3
  • 151

How do you use the MITRE ATT&CK framework for improving enterprise security?

Hello community,

What are the MITRE ATT&CK framework use cases? 

How can it be used in an enterprise security strategy?

2
PeerSpot user
2 Answers
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Real User
Top 5Leaderboard
2021-11-22T21:25:38Z
Nov 22, 2021

You can simulate different types of access/attacks using the matrix suggested by MITRE: https://attack.mitre.org/matri...


For example, you can transport one internal/specific problem/vulnerability of your environment to matrix and check/validate, possibilities and threats, based on your topologies and tools, maybe be a future real threat. 


It's can help you to "prioritize and categorize" your issues.

Search for a product comparison in Intrusion Detection and Prevention Software (IDPS)
VG
Chief Architect at Peristent Systems
Real User
Top 5Leaderboard
2022-08-11T09:20:56Z
Aug 11, 2022

MITRE ATT&CK framework provides different attack patterns. While the main website has lot of information, microsoft wrote this blog to share details on how Azure maps to this framework. This is excellent read.


MITRE ATT&CK® mappings released for built-in Azure security controls - Microsoft Security Blog

Learn what your peers think about Cisco NGIPS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
670,523 professionals have used our research since 2012.
Related Questions
NC
Content Manager at PeerSpot (formerly IT Central Station)
Nov 3, 2022
Why should a company invest in IDPS?
See 2 answers
Beth Safire - PeerSpot reviewer
Tech Blogger
Sep 14, 2022
One of the more crucial components of a company's overall security plan is an IDPS. Since a typical company generates too much data for any human analyst to discover signs of intrusions, the IDPS detects intrusions and alerts security teams about events that need to be investigated. An IDPS performs auditing as well, and identifies vulnerabilities caused by configuration errors that are often missed by the human eye. Additionally, an IDPS may be able to identify suspicious traffic that might indicate an oncoming attack. The ability to detect and prevent a variety of threats that cannot be automatically identified by firewalls, antivirus software, and other organizational security controls is the most significant advantage offered by an IDPS. IDPS solutions combine a number of approaches to help prevent and detect attacks. Based on continuous monitoring over periods of time, IDPS systems generate analytics to create a baseline of typical activity; subsequent deviations from these baselines can signify attacks. This is especially useful for identifying distributed denial-of-service assaults, but it may also be used to spot malware inside an organization by looking for unusual patterns of network activity. While many network security measures can parse and examine email and web activity, they are unaware of the specific apps carried within web traffic. This greatly reduces their ability to detect application-borne attacks. A typical IDPS solution will have sophisticated application detection capabilities. IDPS can restrict the executables that can be run. Threat intelligence can also be provided to an IDPS, allowing it to restrict IP addresses, websites, URLs, or other organizations, depending on their previous activity.
GM
Baobab College logo System Administrator at Baobab College
Nov 3, 2022
In simple terms, it aid in the early detection of harmful behavior within a network. In my opinion, it gives an upper hand against any attcks... If configured properly and are using an excellent intrusion detection and prevention platform system, you can safely manage your network with less hustle
NC
Content Manager at PeerSpot (formerly IT Central Station)
Nov 3, 2022
Why do you recommend that particular solution?
See 2 answers
Beth Safire - PeerSpot reviewer
Tech Blogger
Sep 11, 2022
We are using Darktrace as our IDPS solution and are very satisfied with its features and capabilities. It is very user-friendly once you understand how it works and understand the type of permissions that you need in order to access your security network. Below are some of the main advantages of using Darktrace: Easy setup: The initial deployment is very straightforward. The setup of the solution takes probably under one hour. The only thing that we needed to set up Darktrace is a connection on the core switch with a mirror port and some space on the rack. After that, we connect the appliance to the core switch, and that's it. User-friendly: The user-interface is outstanding and provides you with a lot of information. You can see your entire network traffic and traces in 3D. I particularly like the real-time monitoring and analytics of our network. The reporting is great because there is a seven-day reporting period within the system. Every time you run the reports, it gives you the real-time data about the previous seven days. The reports give you a very clear picture of what is happening over the network on a real-time basis. Mobile monitoring: Darktrace also provides mobile monitoring. Using an app on your mobile phone, you can view your system information live. This is something that is very useful for area directors and field engineers. Scalability: If you need more appliances to support the infrastructure, Darktrace is very simple to scale. The only thing that needs to be done is to connect your appliances to your rack’s switch. Once it is on the main console, you just need to assign the roles to every new appliance, and you are set. Support: Technical support is excellent. The support has fast response times. You can contact them via email, WhatsApp messages, and more. They offer their support in many locations around the world so they are pretty much available 24/7. Threat detection: Darktrace plays an important part in our company’s security detection strategy. It dramatically reduces the time we spend detecting and resolving security issues. This is due to its wonderful user interface that displays all types of network logs in simple graphs and analyses.One of the most valuable features of Darktrace is the artificial intelligence and advanced machine learning capabilities they offer for cybersecurity. The solution can detect threats over the network before they spread. It also sends you notifications detailing what the threat is doing and gives you a lot of information about the execution of the application that created the threat over your network.Darktrace also has a library of local and international threat detections and how they were resolved. This information helps make Darktrace more proactive in dealing with threat alerts and detection. We find that this service is very comprehensive and can cover all security areas effectively. One improvement we would like to see is some endpoint protection for remote workers. Nowadays, most people are working remotely so they should include some type of sensor that can be installed on the endpoint in order to directly report the main usage and protect remote users.
GM
Baobab College logo System Administrator at Baobab College
Nov 3, 2022
We are using kerio control as a firewall and it has IDPS module which does a good. You can enable the log messages to check the intrusions been dropped at real time. I also like how it update its database like every after 10minutes or so.... 
Related Articles
CL
Senior IT Infrastructure Engineer at Tecnoage
Nov 5, 2021
Keeping up with the evolution of cybersecurity and the threats that are haunting the IT industry across all industries, this text pays special attention to ransomware, as this practice is on the rise in the world of cybercrime. Let's focus on the subject, specifically on the Healthcare sector. We are based on Sophos' annual report on cyber threats, which discusses the continuity of ransomware...
GG
IT Engineer at UTMStack
Aug 15, 2021
What is HIDS in Cybersecurity? A HIDS (Host Intrusion Detection System) is software that detects malicious behavior on the host. It monitors all the operating system operations, tracks user behavior, and operates independently without human assistance. How does a Host-based Intrusion Detection System work? HIDS operates at the OS level, unlike others antivirus systems that operate at the a...
See 1 comment
SB
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Aug 15, 2021
Thanks for sharing its very informative
Related Articles
CL
Senior IT Infrastructure Engineer at Tecnoage
Nov 5, 2021
An Overview of Ransomware in Healthcare Organizations in 2021
Keeping up with the evolution of cybersecurity and the threats that are haunting the IT industr...
GG
IT Engineer at UTMStack
Aug 15, 2021
What is HIDS? – A guide about the HIDS tools
What is HIDS in Cybersecurity? A HIDS (Host Intrusion Detection System) is software that detec...
Download Free Report
Download our free Cisco NGIPS Report and get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
DOWNLOAD NOW
670,523 professionals have used our research since 2012.