MITRE® for an Informed Defense
Use the ThreatDefend® Platform to implement a threat-informed defense based on the MITRE Engage Matrix and provide detection across the MITRE ATT&CK® Matrix.
Overview
The MITRE corporation’s ATT&CK and Engage matrixes are knowledge bases that organizations can use to improve defenses. The ATT&CK knowledge base is used as a foundation to develop specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community. MITRE Engage is an active defense knowledge base MITRE developed to capture and organize what is learned about active defense and adversary engagement to enable defenders.
Most security solutions cover the MITRE ATT&CK tactics in the early or later parts of the attack cycle. While the Attivo Networks ThreatDefend platform provides coverage across 11 of the 12 tactics in MITRE ATT&CK, it provides the most coverage for those that occur post-compromise – Credential Access, Discovery, Lateral Movement, Collection. These stages are where adversaries spend most of their time after they evade defenses and attempt to burrow deeper into the network and where traditional security controls struggle to detect their activity.
With the ThreatDefend platform, organizations gain visibility and detection into these tactics early in the attack cycle, displayed within the dashboard and the event views.
What is MITRE ATT&CK?
The MITRE ATT&CK knowledge base provides a foundation for developing specific threat models and methodologies across any sector or industry.
The Role of Attivo Within MITRE ATT&CK
The ThreatDefend platform provides potent threat detection and derailment mechanisms that address gaps left open and exploitable by attackers when adversaries successfully penetrate a perimeter defense. By adding the Attivo Networks® ThreatDefend® Platform to the security stack, organizations gain early and accurate eyes-inside-the-network visibility to attack techniques, sub-techniques, and other activities as documented in the MITRE ATT&CK Matrix. By deploying the ThreatDefend solution, organizations gain early detection and valuable insights to malicious actors that have bypass existing controls or perpetrators that are already inside the network.
Attivo Coverage Map
The chart below shows a collapsed MITRE ATT&CK coverage map of the techniques in bold and sub-techniques in italics that the ThreatDefend platform natively detects.
Attivo Events Mapped to the ATT&CK Matrix
The Attivo dashboard provides events categorized by MITRE ATT&CK tactics to streamline analysis.
MITRE DIY Testing
To support ATT&CK, MITRE recently began evaluating vendor products as a neutral authority for testing the ability of specific solutions to detect inbound attacks based on the framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE’s evaluation methodology and all evaluation results are publicly available (https://attackevals.mitre.org/). Attivo Networks used the MITRE ‘Do It Yourself’ Evaluation Tool to test its EDN solution, which Attivo designed to quickly detect an attacker’s lateral movement and reduce its ability to propagate from a compromised endpoint. The test assessed the solution’s effectiveness against APT 29 attacks in combination with leading EDR solutions.
Attivo Boosts Detection by 42 %*
*Average improvement for combined scores.
WHAT IS MITRE ENGAGE
Engage is informed by adversary behavior observed in the real world and is intended to drive strategic cyber outcomes. Engage was created to help the private sector, government, and vendor communities to plan and execute the use of adversary engagement strategies and technologies to enhance defensive posture.
The Engage Matrix below displays the relationships between the various Strategic and Engagement Goals, Approaches, and Activities. The top row of Engage lists the Goals, and each Approach and Activity falls under a goal. Approaches are the next row down, and all Activities get assigned to an Approach. Finally, Activities make up the remaining entries in Engage. Strategic Actions are in the far right and far left columns, with Engagement Actions in the central columns. By bookending Engagement Actions with Strategic Planning and Analysis, the goal is that MITRE Engage can help organizations better plan and implement real-world adversary engagement strategies and advance the cybersecurity ecosystem.
THE ROLE OF ATTIVO WITHIN MITRE ENGAGE
The Attivo Networks ThreatDefend® Platform offers extensive capabilities that cover goals, approaches, and activities listed in the MITRE Engage matrix. The platform capabilities range from simple deception and concealment strategies to full adversary engagement. The MITRE Engage matrix provides a valuable guide for understanding adversary engagement and how adversaries attack. By deploying the Attivo ThreatDefend platform to implement these goals, approaches, and activities, defenders increase detection coverage, strengthen prevention controls, redirect attack activities, and disrupt attacks. Using the ThreatDefend platform provides extensive coverage and a robust strategy for creating a threat-informed defense.
Attivo Mapping to MITRE Engage
The image below captures the overall coverage the platform provides to any defender. The orange highlighted cells are the activities that the Attivo ThreatDefend platform covers.
SPEAK TO A SECURITY SPECIALIST
Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.
“DOUBLING THE AMOUNT OF GAIN THAT I HAVE FROM MY TRADITIONAL SECURITY TOOLS”
— DIRECTOR OF CYBERSECURITY AT LARGE AMERICAN UNIVERSITY
Content
Spotlight
Attivo Networks® ThreatDefend Platform and the MITRE ATT&CK Matrix