Security News > 2021 > June >

2021-06-08 03:00

CISA has partnered with the Homeland Security Systems Engineering and Development Institute, which worked with the MITRE ATT&CK team, to issue guidance to help cyber threat intelligence analysts make better use of MITRE ATT&CK. MITRE ATT&CK is a knowledge base of adversary information widely used by network defenders as they analyze and report on security threats.

A solid understanding of how to apply ATT&CK can be used to develop adversary profiles; conduct activity trend analyses; and be incorporated into reporting for detection, response, and mitigation purposes, the document states.

"In addition to helping agencies and organizations strengthen their cyber defenses, CISA is also focused on supporting their efforts to build appropriate resilience in the event of a compromise," said Eric Goldstein, executive assistant director for cybersecurity, CISA. "Our close and collaborative partnership with HSSEDI enabled us to produce a valuable resource to help entities apply ATT&CK, a framework that can build cyber defenses and resilience. We look forward to exploring more opportunities with HSSEDI and like-minded partners."

While ATT&CK is used by more than 80 percent of enterprises, a recent study indicated that many security professionals struggle to take full advantage of the knowledge base.

"It has been great to partner with CISA as it applies ATT&CK, and I'm so pleased that they're sharing their experience so that the whole community can benefit," said John Wunder, cybersecurity operations principal in HSSEDI. "A better understanding of ATT&CK can help people focus on watching for adversary behavior as they defend their networks, rather than just searching for indications of compromise."

"The MITRE ATT&CK team and I were glad to support HSSEDI in the development of this guide with CISA. I am confident that this guide will help users more effectively map cyber threat intelligence to ATT&CK," said Adam Pennington, MITRE ATT&CK lead..


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/yrqMJPmz0Ao/

Related news