Security News > 2021 > June > Microsoft hooks up with MITRE to map Azure's ATT&CK surface for 'proactive security'
MITRE's Centre for Threat-Informed Defence and Microsoft have jointly rolled out Security Stack Mappings for Azure, aimed at bringing the former's Adversarial Tactics, Techniques, and Common Knowledge framework into the latter's cloud platform - with rival platforms to follow.
The deal made Azure the first cloud platform to actively link to ATT&CK by mapping in-built security controls to the framework.
"With these resources we have established the foundation for systematically mapping security controls to ATT&CK and provided a critical resource for organisations to assess their Azure security control coverage against real-world threats as described in the ATT&CK knowledge base."
The project, dubbed Security Stack Mappings, sees each of the security controls provided by Microsoft's Azure platform mapped to ATT&CK threat techniques - in some cases, more than one.
"The mappings between the Azure security stack and ATT&CK establish a foundation for future innovation," Amon and Baker confirmed.
"Combining the framework with Azure serves up an extra layer of protection for organisations. As Microsoft and the rest of the industry now have a reliable way of repeatedly adding on the mapping of built in security controls, it will inevitably help against ATT&CK techniques."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/30/microsoft_mitre_azure/
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)