Security News

There's a good reason everyone's talking about MITRE ATT&CK: it's an objective, third-party standard with which organizations can measure their own detection coverage, as well as the coverage provided by EDR solutions. Still, even while you appreciate ATT&CK, it's not always clear how you can use it to improve your own organizational security.

MITRE named Gerald Gilbert, Ph.D., a MITRE Fellow to expand MITRE's quantum science initiatives. MITRE Fellows are a select group of preeminent scientists in their fields who lead critically important programs.

Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning systems. The Adversarial ML Threat Matrix, which Microsoft has released in collaboration with MITRE, IBM, NVIDIA, Airbus, Bosch, Deep Instinct, Two Six Labs, Cardiff University, the University of Toronto, PricewaterhouseCoopers, the Software Engineering Institute at Carnegie Mellon University, and the Berryville Institute of Machine Learning, is an industry-focused open framework that aims to address this issue.

Seasoned cybersecurity pros will be familiar with MITRE. Known for its MITRE ATT&CK framework, MITRE helps develop threat models and defensive methodologies for both the private and public sector cybersecurity communities. MITRE recently added to their portfolio and released MITRE Shield, an active defense knowledge base that captures and organizes security techniques in a way that is complementary to the mitigations featured in MITRE ATT&CK. The MITRE Shield framework focuses on active defense and adversary engagement, which takes the passivity out of network defense.

The MITRE Corporation has taken the wraps off a knowledge base of common techniques and tactics that defenders can use to ensure their networks and assets are kept secure. Called MITRE Shield, the publicly available, free resource is aimed at cyber-experts looking to engage an active cyber defense and, similarly with MITRE ATT&CK, presents a series of active defense concepts.

McAfee introduced MITRE ATT&CK into McAfee MVISION Cloud, the company's Cloud Access Security Broker, delivering a precise method to hunt, detect and stop cyberattacks on cloud services. This new integration gives SecOps teams a direct source of cloud vulnerabilities and threats mapped to the tactics and techniques of ATT&CK. McAfee is the first CASB provider to tag and visualize cloud security events within an ATT&CK. "Many SecOps teams leverage repeatable processes and frameworks such as ATT&CK to mitigate risk and respond to threats to their endpoints and networks, but so far cloud threats and vulnerabilities have presented an unfamiliar paradigm," said Rajiv Gupta, senior vice president and general manager of Cloud Security, McAfee.

MITRE's Center for Technology & National Security, created to enhance MITRE's engagement with senior government leadership, named five highly esteemed national security officials to its newly established advisory board. "CTNS builds on the experience and expertise of thousands of our nation's most respected scientific and engineering minds," said Bill LaPlante, senior vice president for the MITRE National Security Sector.

Guardicore unveiled new capabilities for its open source Infection Monkey breach and attack simulation tool, used by thousands to review and analyze how their environments may be vulnerable to lateral movement and attacks. The latest version of Guardicore Infection Monkey now maps its actions to the MITRE ATT&CK knowledge base, providing a new report with the utilized techniques and recommended mitigations, to help security and network infrastructure teams simulate APT attacks and mitigate real attack paths intelligently.

Guardicore's open source breach and attack simulation platform Infection Monkey now maps its attack results to the MITRE ATT&CK framework, allowing users to quickly discover internal vulnerabilities and rapidly fix them. Infection Monkey operates within organizations' existing environments, whether cloud, on prem, hypervisors or containers, and finds and maps lateral movement paths through the environment using real world exploits.

"This allows me to understand the potential avenues for attack," explained Harber, "And allows me to improve the overall security of the network. Patching, for example. I may not be able to patch everything, but the risk simulation can highlight areas that I really ought to patch to protect downstream high value assets; or perhaps apply additional deception decoys and breadcrumbs along the potential attack route." The risk simulator, potentially enhanced by knowledge of possible TTPs gleaned from the MITRE ATT&CK mapping where an intruder has already been detected on an endpoint, allows the analysts to engage in a variation of red team/blue team defending without the need to employ a separate white hat red team.