Security News > 2021 > September > Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast

Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast
2021-09-07 12:00

"Experts have embraced the merging of the two frameworks. John Bambenek, threat intelligence advisor at IT service management company Netenrich, told Threatpost that as it is, ATT&CK hasn't really shown security team what needs to be done,"besides buy more security products.

"One of the holy grails of security is 'Are we doing a good job at X?'" he said during a recent visit to the Threatpost podcast.

Lisa Vaas: My guests today are Rich Struse, director of MITRE Engenuity Center for Threat Informed Defense - that's CTID - and Alex Pinto, team lead of Verizon Data Breach Investigations Report: the very famous DBIR. They're here to discuss a recently announced R&D project from CTID that's supported by CTID members Verizon, the Center for Internet Security and Siemens AIG. The project is to connect VERIS, which stands for Verizon's Vocabulary for Event Recording and Incident Sharing and which is the framework that generates its famous DBIR, and the when and how described in MITRE ATT&CK. Rich and Alex are here to discuss this news and how connecting two of the most important cyber frameworks in the world can benefit security teams.

One of the things that we were barely touching on, which is one of the holy grails of security, is "Are we doing a good job at X?" If you look at the way the DBIR is put together, it's all about the failures.

You then use this mapping we're talking about today to map that, to attack techniques and sub- techniques, you can now, using other freely available go and say, "All right, if I care about this TTP, this particular tactic and technique and procedure, what are the NIST 853 controls that I should be looking at?" Or "What are the Azure security capabilities?" So the AWS security capabilities leveraging the work that the center has done.

You know, our perspective is we're trying to continually build out this knowledge graph that is available to the community, so that individual defenders don't have to go and do that knowledge discovery themselves, that they can actually leverage whether it's the mapping from VERIS to ATT&CK or the mapping from ATT&CK to the NIST framework or to particular security capabilities in the cloud, whatever it is, we're trying to make that much more systematic.


News URL

https://threatpost.com/holy-grail-of-security-answers-to-did-xyz-work-podcast/169192/