The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. The presence of these vulnerabilities within the infrastructure of an organization could potentially expose it to a broad range of attacks. “Welcome to the 2022 Common Weakness Enumeration […]

We all know that cyberthreats have become more frequent, stealthier and more sophisticated. What’s more, the traditional, reactive approach to detecting threats by hunting indicators of compromise (IoCs) using markers like IP addresses, domains and file hashes is quickly becoming outdated—threats are only detected once a compromise is achieved and attackers are readily able to alter these markers to evade detection. To overcome this issue, the cybersecurity community came up with the concept of anomaly-based detection, a […]

MITRE ATT&CK for dummies How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK® Matrix

Unmasking/Uncovering the Real Insider Threat According to the Verizon 2021 Data Breach Investigations Report, insiders are responsible for around 22% of security incidents. That is clearly a significant number and insider threats are quickly becoming one of the most common cybersecurity threats organizations face today. The challenge that continues to remain high with insider threats is […]

Historically, vulnerability management and threat management have been separate disciplines, but in a risk-focused world, they need to be brought together. Defenders struggle to integrate vulnerability and threat information and lack a consistent view of how adversaries use vulnerabilities to achieve their goals. Without this context, it is difficult to appropriately prioritize vulnerabilities. To bridge […]

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations. Version ten comes with new Data Source objects, new and changed techniques in its various matrices, key changes to facilitate hunting in ICS environments, and more. MITRE ATT&CK v10 […]

MITRE Engenuity has released ATT&CK Workbench, an open source tool that allows organizations to customize their local instance of the MITRE ATT&CK database of cyber adversary behavior. The tool allows users to add notes, and create new or extend existing objects – matrices, techniques, tactics, mitigations, groups, and software – with new content. It also allows them to share […]

We’re excited to announce the official release of ATT&CK for Containers! This release marks the culmination of a Center for Threat-Informed Defense (Center) research project sponsored by Citigroup, JPMorgan Chase, and Microsoft that investigated the viability of adding container-related techniques into ATT&CK. This investigation led to developing a draft of an ATT&CK for Containers matrix, which we contributed to […]

When selecting an attack detection solution, no single product will provide the adequate detection needed that is required to detect and defend against the current advanced threat landscape. The holistic aspect of defending against threat actors requires technology, expertise, and intelligence. The technology should be a platform of integrated technologies providing detection at each point […]

Ismael Valenzuela (McAfee/SANS) and Vicente Diaz (Threat Intel Strategist at Virustotal) SANS Institute‘s #SEC530 course co-authored by Ismael Valenzuela (@aboutsecurity), providing students access to VTIntelligence to help them make TTPs actionable. MITRE Enterprise ATT&CK Framework Comparing Layers in ATT&CK Navigator – MITRE ATT&CK®

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling […]

A recent article from Gartner states that, “Audit Chiefs Identify IT Governance as Top Risk for 2021.” I agree that IT governance is important but I question how much does the IT governance board understand about the day to day tactical risks such as the current threats and vulnerabilities against a companies attack surface? How […]

MITRE ATT&CK matrices MITRE ATT&CK is a tool to help cybersecurity teams get inside the minds of threat actors to anticipate their lines of attack and most effectively position defenses. MITRE ATT&CK works synergistically with FAIR to refine a risk scenario (“threat actor uses a method to attack an asset resulting in a loss”). Enter […]

Use ATT&CK to map defenses and understand gaps The natural inclination of most security teams when looking at MITRE ATT&CK is to try and develop some kind of detection or prevention control for each technique in the enterprise matrix. While this isn’t a terrible idea, the nuances of ATT&CK make this approach a bit dangerous […]