CIOs acknowledge that security profiles are constantly under malicious attack; MITRE creates a global knowledge base, ATT&CK
The number of cyber-attacks on organizations has increased significantly during the pandemic as employees shifted to remote work environments. The American NGO MITRE had previously come up with Adversarial Tactics, Techniques & Common Knowledge (ATT&CK).
It is designed to give the cybersecurity sector a knowledge base of adversary tactics and techniques drawn from real-world observations, and it will be available globally.
CIOs say that the knowledge base will serve as the foundation for building focused threat methodologies and models for enterprises, for the cybersecurity product and service industry, and for the defense sector. IT leaders point out that most organizations lack clear visibility into their own weaknesses.
Attackers have an asymmetric advantage: exploiting a single vulnerability can be enough to compromise an organization, whereas defenders must find and close every weakness to secure the network.
CISOs point out that the ATT&CK platform helps document adversaries, their tactics, and their methods, based on data collected from previous attacks on organizations across the world.
IT leaders use the framework to identify weaknesses in the enterprise security posture and to prioritize them by risk level. ATT&CK plays a major role in improving visibility of threats, security coverage, and the automation of controls.
The ATT&CK framework is useful for mitigation because it catalogues the measures attackers use at each stage of an intrusion, from reconnaissance and initial access through privilege escalation to movement within the network and, finally, the attack's objective itself.
Analysts in the security department can use the ATT&CK tactic and technique categories to identify patterns, which helps them track how attackers' tools evolve and who the main perpetrators behind such attacks are.
Boosting security coverage
CISOs feel that proactive measures can be taken once such patterns are detected. Steps can be set up to fortify the defenses against the specific attacks, techniques, and tools relevant to the identified weaknesses. Organizations are generally concerned with such focused threats either because of their presence in a targeted industry or because of an earlier attack.
The framework can be used to identify and document the techniques attackers commonly use. Such documentation supports assessment of existing security profiles, exposing weaknesses and confirming that deployed response measures can handle further attacks.
Such records also let penetration testers faithfully reproduce the attackers' tactics, techniques, and procedures (TTPs) during engagements. Testers can share the resulting data with the blue teams, who strengthen the organization's security measures based on those TTPs.
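The coverage assessment described in this section (tagging deployed detections with ATT&CK technique IDs, comparing them against the techniques relevant to the organization, and prioritizing the gaps by risk) can be carried out with a few lines of code. The following is an added example, not code from the original article or from MITRE. The technique IDs and tactic names are real ATT&CK entries, but the catalogue is a deliberately small subset; the detection rule inventory, the threat profile, and its 1-5 risk weights are constructed for illustration.

```python
"""ATT&CK-mapped coverage assessment over a constructed rule inventory and threat profile."""
from collections import defaultdict

# Abbreviated subset of ATT&CK techniques with the tactic each is listed under.
# IDs and names are real ATT&CK entries; the full catalogue is far larger.
TECHNIQUES = {
    "T1566": ("Phishing", "Initial Access"),
    "T1078": ("Valid Accounts", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1068": ("Exploitation for Privilege Escalation", "Privilege Escalation"),
    "T1003": ("OS Credential Dumping", "Credential Access"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1048": ("Exfiltration Over Alternative Protocol", "Exfiltration"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Constructed inventory of deployed detection rules, each tagged with the techniques it covers.
DETECTION_RULES = [
    {"name": "mail-gateway-url-rewrite", "techniques": ["T1566"]},
    {"name": "powershell-scriptblock-logging", "techniques": ["T1059"]},
    {"name": "lsass-access-alert", "techniques": ["T1003"]},
    {"name": "rdp-logon-from-workstation", "techniques": ["T1021"]},
]

# Constructed threat profile: techniques reported against the organization's sector,
# each with a 1-5 risk weight assigned by the security team (hypothetical values).
THREAT_PROFILE = {
    "T1566": 5, "T1078": 4, "T1059": 4, "T1068": 3,
    "T1003": 5, "T1021": 3, "T1048": 4, "T1486": 5,
}


def covered_techniques(rules):
    """Set of technique IDs that at least one deployed rule claims to cover."""
    covered = set()
    for rule in rules:
        covered.update(rule["techniques"])
    return covered


def coverage_by_tactic(rules, profile):
    """Per-tactic (covered, total) counts over the techniques in the threat profile."""
    covered = covered_techniques(rules)
    tally = defaultdict(lambda: [0, 0])
    for tid in profile:
        tactic = TECHNIQUES[tid][1]
        tally[tactic][1] += 1
        if tid in covered:
            tally[tactic][0] += 1
    return {tactic: tuple(counts) for tactic, counts in tally.items()}


def prioritised_gaps(rules, profile):
    """Uncovered profile techniques, highest risk weight first, then by ID."""
    covered = covered_techniques(rules)
    gaps = [(tid, weight) for tid, weight in profile.items() if tid not in covered]
    return sorted(gaps, key=lambda gap: (-gap[1], gap[0]))


if __name__ == "__main__":
    for tactic, (hit, total) in coverage_by_tactic(DETECTION_RULES, THREAT_PROFILE).items():
        print(f"{tactic:<22} {hit}/{total} techniques covered")
    print("Gaps to address, by risk:")
    for tid, weight in prioritised_gaps(DETECTION_RULES, THREAT_PROFILE):
        print(f"  {tid} {TECHNIQUES[tid][0]} (risk {weight})")
```

With these constructed inputs, Privilege Escalation, Exfiltration and Impact show no coverage at all, and T1486 (Data Encrypted for Impact) tops the gap list; the same structure scales to a full rule export and a threat profile fed from intelligence reporting.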
Streamline response measures
IT leaders say that the MITRE ATT&CK platform can be used to build and evaluate automation of threat identification and response. Such functionality lets organizations deploy their security teams more effectively, implementing automation that identifies ongoing attacks and prevents potential ones.
Red teams can be used to emulate threats drawn from the organization's threat profile in order to stress the security architecture. Once gaps are identified, the necessary measures are taken to mitigate a potential breach.
CISOs point out that the framework is updated regularly and will therefore remain a valuable asset for the organization's security architecture.
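The automation and red-team validation loop described in the two paragraphs above ("Streamline response measures") can be illustrated end to end: detections are tagged with the ATT&CK technique they cover, run over telemetry, and then checked against the list of techniques a red team actually executed, so that every emulated technique that raised no alert is surfaced as a gap. This is an added example, not code from the article or from MITRE. The technique and sub-technique IDs are real ATT&CK entries; the log format, the log lines, the detection rules and the emulation plan are all constructed for illustration and do not come from any real product or exercise.

```python
"""Technique-tagged detections over constructed log lines, validated against a red-team emulation plan."""
import re

# Constructed key=value log lines (not from any real product). Quoted values may contain spaces.
SAMPLE_LOGS = [
    "ts=2024-05-01T09:00:01 host=ws17 event=process_create image=powershell.exe cmdline='-nop -w hidden -enc AAAA'",
    "ts=2024-05-01T09:02:10 host=ws17 event=process_access target=lsass.exe granted_access=0x1010",
    "ts=2024-05-01T09:05:44 host=srv02 event=logon logon_type=10 src=ws17 user=svc_backup",
    "ts=2024-05-01T09:07:00 host=ws17 event=process_create image=notepad.exe cmdline=''",
]

# Detection rules: (ATT&CK technique ID, tactic, rule name, predicate over a parsed event).
# IDs are real ATT&CK sub-techniques; the matching logic is a constructed, simplified illustration.
DETECTIONS = [
    ("T1059.001", "Execution", "encoded-powershell-commandline",
     lambda e: e.get("event") == "process_create"
     and e.get("image", "").lower() == "powershell.exe"
     and "-enc" in e.get("cmdline", "").lower()),
    ("T1003.001", "Credential Access", "lsass-memory-access",
     lambda e: e.get("event") == "process_access"
     and e.get("target", "").lower() == "lsass.exe"),
    ("T1021.001", "Lateral Movement", "remote-interactive-logon",
     lambda e: e.get("event") == "logon" and e.get("logon_type") == "10"),
]

# Constructed red-team emulation plan: technique IDs the exercise executed.
EMULATION_RUN = ["T1566.001", "T1059.001", "T1003.001", "T1021.001", "T1048.003"]


def parse_line(line):
    """Parse a key=value log line into a dict; single-quoted values are unquoted."""
    return {k: v.strip("'") for k, v in re.findall(r"(\w+)=('[^']*'|\S+)", line)}


def run_detections(lines):
    """Apply every detection to every event; each hit becomes an ATT&CK-tagged alert."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        for tid, tactic, name, matches in DETECTIONS:
            if matches(event):
                alerts.append({"technique": tid, "tactic": tactic,
                               "rule": name, "host": event.get("host")})
    return alerts


def undetected(emulation, alerts):
    """Emulated techniques that produced no alert: the gaps the red team exposed."""
    seen = {alert["technique"] for alert in alerts}
    return [tid for tid in emulation if tid not in seen]


if __name__ == "__main__":
    alerts = run_detections(SAMPLE_LOGS)
    for alert in alerts:
        print(f"[{alert['tactic']}] {alert['technique']} {alert['rule']} on {alert['host']}")
    print("Emulated but undetected:", undetected(EMULATION_RUN, alerts))
```

Here the three host-based detections fire as expected, while the phishing delivery (T1566.001) and the exfiltration step (T1048.003) in the emulation plan produce nothing, which is exactly the kind of result a blue team would turn into new rules or telemetry requirements.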