MITRE® for an Informed Defense

Use the ThreatDefend® Platform to implement a threat-informed defense based on the MITRE Engage Matrix and provide detection across the MITRE ATT&CK® Matrix.

A Deception Leader in MITRE Engenuity ATT&CK® Evaluation


Attivo Networks, a SentinelOne Company, was a proud participant in the inaugural 2022 MITRE Engenuity ATT&CK® Deception Evaluation Trials.


Overview

The MITRE Corporation’s ATT&CK and Engage matrices are knowledge bases that organizations can use to improve their defenses. The ATT&CK knowledge base serves as a foundation for developing specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community. MITRE Engage is an active defense knowledge base that MITRE developed to capture and organize what is learned about active defense and adversary engagement, so that defenders can apply it.

Most security solutions cover the MITRE ATT&CK tactics in the early or later parts of the attack cycle. While the Attivo Networks ThreatDefend platform provides coverage across 11 of the 12 tactics in MITRE ATT&CK, it provides the most coverage for those that occur post-compromise: Credential Access, Discovery, Lateral Movement, and Collection. These stages are where adversaries spend most of their time after they evade defenses and attempt to burrow deeper into the network, and where traditional security controls struggle to detect their activity.

With the ThreatDefend platform, organizations gain visibility and detection into these tactics early in the attack cycle, displayed within the dashboard and the event views.

What is MITRE ATT&CK?

The MITRE ATT&CK knowledge base provides a foundation for developing specific threat models and methodologies across any sector or industry.


The Role of Attivo Within MITRE ATT&CK

The ThreatDefend platform provides potent threat detection and derailment mechanisms that address the gaps attackers can exploit once they have successfully penetrated a perimeter defense. By adding the Attivo Networks® ThreatDefend® Platform to the security stack, organizations gain early and accurate eyes-inside-the-network visibility into the attack techniques, sub-techniques, and other activities documented in the MITRE ATT&CK Matrix. By deploying the ThreatDefend solution, organizations gain early detection of, and valuable insights into, malicious actors that have bypassed existing controls or perpetrators that are already inside the network.

Attivo Coverage Map

The chart below shows a collapsed MITRE ATT&CK coverage map of the techniques in bold and sub-techniques in italics that the ThreatDefend platform natively detects.

Attivo Coverage Map

Attivo Events Mapped to the ATT&CK Matrix

The Attivo dashboard provides events categorized by MITRE ATT&CK tactics to streamline analysis.


MITRE DIY Testing

To support ATT&CK, MITRE recently began evaluating vendor products as a neutral authority, testing the ability of specific solutions to detect attacks based on the framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE’s evaluation methodology and all evaluation results are publicly available (https://attackevals.mitre.org/). Attivo Networks used the MITRE ‘Do It Yourself’ Evaluation Tool to test its EDN solution, which Attivo designed to quickly detect an attacker’s lateral movement and reduce the attacker’s ability to propagate from a compromised endpoint. The test assessed the solution’s effectiveness against APT29 attacks in combination with leading EDR solutions.

Attivo Boosts Detection by 42%*

*Average improvement for combined scores.

WHAT IS MITRE ENGAGE?

Engage is informed by adversary behavior observed in the real world and is intended to drive strategic cyber outcomes. Engage was created to help the private sector, government, and vendor communities plan and execute the use of adversary engagement strategies and technologies to enhance their defensive posture.

The Engage Matrix below displays the relationships between the various Strategic and Engagement Goals, Approaches, and Activities. The top row of Engage lists the Goals, and every Approach and Activity falls under a Goal. Approaches occupy the next row down, and every Activity is assigned to an Approach. Finally, Activities make up the remaining entries in Engage. Strategic Actions sit in the far-left and far-right columns, with Engagement Actions in the central columns. By bookending Engagement Actions with Strategic Planning and Analysis, MITRE Engage aims to help organizations better plan and implement real-world adversary engagement strategies and advance the cybersecurity ecosystem.

MITRE Engage

THE ROLE OF ATTIVO WITHIN MITRE ENGAGE

The Attivo Networks ThreatDefend® Platform offers extensive capabilities that cover the goals, approaches, and activities listed in the MITRE Engage matrix. The platform’s capabilities range from simple deception and concealment strategies to full adversary engagement. The MITRE Engage matrix provides a valuable guide for understanding adversary engagement and how adversaries attack. By deploying the Attivo ThreatDefend platform to implement these goals, approaches, and activities, defenders increase detection coverage, strengthen prevention controls, redirect attack activities, and disrupt attacks. Using the ThreatDefend platform provides extensive coverage and a robust strategy for building a threat-informed defense.

Attivo Mapping to MITRE Engage

The image below captures the overall coverage the platform provides to any defender. The orange highlighted cells are the activities that the Attivo ThreatDefend platform covers.

MITRE Engage Mapping

SPEAK TO A SECURITY SPECIALIST

Ready to find out what the Attivo Networks solution can do for your organization? Our security experts are standing by, ready to answer your questions.

“DOUBLING THE AMOUNT OF GAIN THAT I HAVE FROM MY TRADITIONAL SECURITY TOOLS”

DIRECTOR OF CYBERSECURITY AT LARGE AMERICAN UNIVERSITY

Content

Using MITRE Engage to Defend Against Ransomware
Attivo Networks Coverage for MITRE Engage
Playbook for Exercising Deception Based on MITRE ATT&CK® Framework

Resources

Solution Brief
Using a Commercial Deception Solution to Improve MITRE ATT&CK Test Results for Endpoint Security
Solution Brief
MITRE ATTACK: Augmenting Endpoint Defenses with the Attivo Networks® EDN Solution
Solution Brief
MITRE Engage 1.0 – A Structured Dance with Your Adversary

Spotlight

Attivo Networks® ThreatDefend Platform and the MITRE ATT&CK Matrix
