The threat landscape has evolved rapidly in recent years due to major changes in the way organizations operate and adopt new technologies. Cloud services such as Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) have seen massive growth over the last decade. With accelerated digital transformation, increased remote working and cloud adoption, the attack surface has increased for most organizations.
In the world of cybersecurity, have you ever wondered about the inner workings of threat actors as they attempt to breach systems, their methods, tactics, and strategies, and how they seamlessly converge to execute a successful attack? It's not merely about initiating an attack but also the strategies they utilize to remain concealed within the system, allowing them to persistently operate and ultimately achieve their goals.
MITRE ATT&CK Reconnaissance (TA0043) techniques section maps out how threat actors gather information about potential targets. Like other ATT&CK tactics (like initial access and lateral movement), reconnaissance provides useful threat intelligence on adversary tactics, techniques, and procedures (TTPs). It is a realistic approximation of what will happen if you become a target.
Picture this: Your CEO comes into your office and asks, “What’s our security posture, and where’s our greatest area of risk? I’m particularly worried about this new emerging threat group. What defenses or detections do we have around that?” You: “…” Enter the MITRE ATT&CK® framework and Devo’s MITRE ATT&CK Adviser app—built to help you tell the business where your risks are and what it would take to address them.
The MITRE ATT&CK framework is one of the most commonly used resources within the SafeBreach platform. At SafeBreach’s 2023 Validate Summit—an event that brings security experts together to discuss challenges and best practices in proactive cybersecurity—SafeBreach Co-Founder and CTO Itzik Kotler sat down with Frank Duff, the Chief Innovation Officer at Tidal Cyber, to discuss threat informed defense and MITRE ATT&CK.
In a recent blog, we covered the basics of breach and attack simulation (BAS) and MITRE ATT&CK, including the challenges security teams often face when attempting to utilize the ATT&CK framework and how BAS can help. Now, it’s time to get more specific. In this installment of our latest series, we’ll discuss the ways organizations typically leverage BAS and MITRE ATT&CK for threat-informed defense.