Driving Threat Intelligence Towards the Most Critical Threats Using MITRE ATT&CK Navigator | Cyware Blog
The MITRE ATT&CK framework is a definitive collection of attack tactics and techniques that are used by threat actors to breach an organization’s network and systems. It serves as an important benchmark to classify and analyze attacks and assess an organization’s security risk profile. The Cyware Threat Intelligence Exchange (CTIX) now integrates the latest MITRE ATT&CK framework, along with support for Sub-techniques and matrices for different ATT&CK environments such as Mobile, Cloud, and Enterprise.
How CTIX integrates the MITRE ATT&CK framework
By going to the ATT&CK Navigator in CTIX, analysts can browse through the MITRE ATT&CK matrix and view key information about the different attack techniques as well as sub-techniques that explain the implementation of a technique in detail.
- The ATT&CK Navigator gives a quick overview of the object statuses, popular techniques observed, and the popular MITRE-listed threat actors detected.
- Using the ATT&CK matrix, for each technique, analysts can view the affected platforms, data sources, associated malware, the defenses it can bypass, and the required mitigation and detection methods.
- It also shows the indicators, malware, threat actors, or incidents related to the technique, along with examples and further references. By visiting the ‘Relations’ tab, analysts can use the Threat Visualizer to see the IOCs associated with a specific technique as a relationship graph rather than a flat list.
- Analysts can switch between the Enterprise and Mobile ATT&CK matrices to view the different sets of techniques that affect the corresponding assets, and switch to the ATT&CK Heatmap view for a color-coded representation of the most critical tactics and techniques.
- Analysts can also search for specific top-level techniques or sub-techniques associated with particular platforms, threat actors, software, and log data sources.
- Furthermore, analysts can add custom layers with their chosen techniques, sub-techniques, and more.
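The heatmap and custom-layer features above rest on a simple idea: score each technique by how often it has been observed, then colour the matrix by that score so that uncovered, frequently seen techniques stand out. The following added example (not Cyware's or CTIX's code) shows that computation in Python. It builds a layer in the JSON format used by the open-source MITRE ATT&CK Navigator (`techniqueID`, `score`, `comment`, `gradient` fields), and separately lists the techniques that have been sighted but that existing detections do not cover. The technique observations and the coverage map are constructed sample data, and the layer-format version string is an assumption.

```python
import json
from collections import Counter

# Constructed sample: technique and sub-technique IDs observed across recent
# incidents (repeated IDs mean repeated sightings). Not real telemetry.
OBSERVED_TECHNIQUES = [
    "T1566.001", "T1566.001",               # spearphishing attachment
    "T1059.001", "T1059.001", "T1059.001",  # PowerShell
    "T1078", "T1078",                       # valid accounts
    "T1021.001",                            # RDP
    "T1486",                                # data encrypted for impact
]

# Constructed coverage map: True = an existing detection covers the technique.
DETECTION_COVERAGE = {
    "T1566.001": True,
    "T1059.001": True,
    "T1078": False,
    "T1021.001": False,
    "T1486": False,
}


def build_heatmap_layer(observations, coverage, name="Observed techniques",
                        domain="enterprise-attack"):
    """Return a Navigator-style layer dict whose scores are sighting counts.

    Higher scores map to the darker end of the gradient, which is what makes
    the matrix read as a heatmap. Each entry's comment records whether a
    detection already exists, so the gap is visible on hover.
    """
    counts = Counter(observations)
    techniques = []
    for tid, n in sorted(counts.items()):
        covered = coverage.get(tid, False)
        techniques.append({
            "techniqueID": tid,
            "score": n,
            "comment": f"{n} sighting(s); detection coverage: "
                       f"{'yes' if covered else 'gap'}",
            "enabled": True,
        })
    return {
        "name": name,
        "versions": {"layer": "4.4"},  # assumption: layer-format version
        "domain": domain,
        "description": "Sighting counts per technique with coverage notes",
        "techniques": techniques,
        "gradient": {
            "colors": ["#ffffff", "#ff4d4d"],  # white (unseen) to red (frequent)
            "minValue": 0,
            "maxValue": max(counts.values(), default=0),
        },
    }


def priority_gaps(observations, coverage):
    """Return [(technique_id, sightings)] for observed but uncovered techniques,
    most frequently sighted first (ties broken by ID) so analysts can work the
    list from the top."""
    counts = Counter(observations)
    gaps = [(tid, n) for tid, n in counts.items() if not coverage.get(tid, False)]
    return sorted(gaps, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    layer = build_heatmap_layer(OBSERVED_TECHNIQUES, DETECTION_COVERAGE)
    print(json.dumps(layer, indent=2))
    for tid, n in priority_gaps(OBSERVED_TECHNIQUES, DETECTION_COVERAGE):
        print(f"GAP {tid}: {n} sighting(s), no detection")
```

Running the script writes the layer JSON to stdout; saving it to a file and loading it in the Navigator renders the same colour-coded view the page describes, with the `priority_gaps` output serving as the worklist for closing detection coverage.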
How does this help you?
- With the integration of the updated MITRE ATT&CK framework, CTIX users benefit from a clear classification of threats that lets analysts assess how well their existing defenses cover a given attack technique.
- It helps organizations improve the monitoring of threats across different environments, be it their on-premises infrastructure, cloud networks, mobile assets, or anything in between.
- The improved usability and design of the ATT&CK Navigator help analysts save time by focusing their attention on the most critical threats facing their organization.
The bottom line
The continuously evolving threat landscape requires organizations to stay alert to novel threat actor tactics and techniques. The updated ATT&CK Navigator in CTIX 2.7 gives you a clear picture of the areas of your cybersecurity posture that need work, thereby accelerating and improving your threat detection and response capabilities.
Posted on: December 14, 2020
Originally published at https://cyware.com.