思博伦环形标志
网络安全

Unlocking Cyber Threat Intelligence with MITRE ATT&CK™ Industry Frameworks

作者:

Security frameworks such as MITRE ATT&CK™ are integrated with Spirent CyberFlood inherent capabilities, helping organizations assess the effectiveness of their security controls safely and continuously to gain insights into threat coverage across those policies.

Proactive cybersecurity assessment may be one of the best defenses available against ever-growing cyber threats. One of the areas that has had a significant impact on an organization’s ability to improve overall cybersecurity is tapping into emerging cyber threat intelligence information. Threat intelligence is certainly not a new topic, but there are recent promising technology trends to solve the many challenges in that area.

Gartner defines threat intelligence as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard." The ultimate cyber threat intelligence information would not only give organizations the ability to proactively identify vulnerabilities in the network, but would also offer actions to prevent or hinder the attacks. There are several industry projects and initiatives that take a foundational approach rather than narrowly focusing on certain tools or class of vulnerabilities.

Two recent influential initiatives in this arena include the MITRE ATT&CK and NetSecOPEN frameworks.

MITRE ATT&CK™ (Adversarial Tactics, Techniques & Common Knowledge) is mainly a knowledge base of adversary behavior intended to help those organizations that want to move towards a threat-informed defense. The solution addresses four key use cases: threat intelligence, detection and analytics, adversary emulation as well as assessment and engineering.

MITRE released ATT&CK to the public in May of 2015 and has expanded quite significantly over past few years. It is now in use by many different government organizations and industry sectors. ATT&CK is open and available to any person or organization at no charge, providing shared understanding of adversary tactics, techniques, and procedures. It delivers insight on how to detect, prevent and mitigate attacks, as well as associated groups of malicious actors.

MITRE organizes vulnerabilities using these categories:

  • Tactics: The “why,” describing goal of the attacker

  • Techniques and sub techniques: The “how,” describing actions taken by adversary to achieve tactical objectives

  • Mitigations: Methods of addressing specific technique

  • Groups: Cluster of adversary activity and tracked by a common name in the security community (such as APT29 which contains the threats associated with the devastating SolarWinds attack)

Approaches taken by industry security frameworks are important components of the toolbox for today’s security specialists. They would probably, however, need to be complemented with other solutions that are part of organization’s cybersecurity. In order to take the benefits of frameworks such as MITRE ATT&CK™ to the next level, it is vital to have these industry framework solutions with linkages to other elements of the network validation offerings (e.g. performance, scalability and cyber threat assessments).

CyberFlood CyberThreat Assessment MITRE ATT&CK Industry Frameworks

CyberFlood (CF) is an emulation-based solution that proactively provides in-depth assessment of network performance, scalability, and cybersecurity posture. CyberThreat Assessment (CTA) functionality within CyberFlood includes real-world attacks, applications, and evasion technique emulations as well as industry security frameworks and sensitive data exfiltration (DLP) scenarios with complete logical network topology to validate end-to-end security efficacy of the security solutions in a pre-production lab and/or sandbox settings.

Furthermore, industry frameworks such as MITRE ATT&CK™ are integrated with CyberFlood inherent capabilities, enabling the Spirent TestCloud content to be organized to align with the framework which helps organizations assess the effectiveness of their security controls safely and continuously to gain insights into threat coverage across those policies.

CyberFlood groups tactics, techniques, and groups of malicious actors, allowing users to assess based on specific breach and attack areas.

Users can map associated test results using MITRE ATT&CK to hone in on problem areas or hacker tactics and techniques of concern.

In summary, using CyberFlood and CTA MITRE ATT&CK industry frameworks as the basis of security assessment and reporting brings real-world global observations and standards to validation of your pre-production networks.

Learn how Spirent CyberFlood CyberThreat Assessment can help in assessing the strength of your organization’s security posture.

喜欢我们的内容吗?

在这里订阅我们的博客

博客订阅

标签网络安全
Reza Saadat
Reza Saadat

高级技术营销工程师,应用与安全部

Reza Saadat是思博伦应用与安全部的高级技术营销工程师,在计算机和数据通信技术方面拥有超过25年经验。在思博伦,Reza与产品管理、工程和销售团队合作,为网络设备制造商、企业和运营商推出最新的尖端应用和安全测试解决方案。他全面深入的行业、市场及软件开发知识以及协作设计与开发能力促成了众多硬件和软件解决方案的诞生——这些解决方案已在IBM、思科等各大公司得到了成功发布。