Supply chain security has been a top concern for risk management leaders ever since the high-profile attacks to SolarWinds and Log4j took place. While there's no one-size-fits-all way to identify, assess, and manage cyber risks in the supply chain, MITRE's System of Trust Framework offers a comprehensive, consistent, and repeatable methodology for evaluating suppliers, supplies, and service providers alike.

Threat detection and mitigation is one of the core responsibilities of a SOC. With cyberattacks becoming more sophisticated, it has become arduous for security analysts to secure their network from threats. Hybrid work and BYOD policies are making it more difficult for SOCs to keep track of network activities. Attackers continue to improvise new tactics and techniques to compromise an organization’s network.

As the frequency and complexity of cybersecurity threats continue to grow, it is becoming increasingly important for organizations to adopt advanced tools and techniques to protect themselves. One way to do this is by utilizing the MITRE attack framework (ATT&CK), a comprehensive taxonomy of common tactics, techniques, and procedures (TTPs) cyber attackers use to compromise information systems and steal data.

MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. If you are new to the MITRE ATT&CK framework and would like to brush up on some of the concepts first, we created a Learn Cloud Native article to help you on your journey. If you want to go further, here’s how Falco’s Cloudtrail rules align with MITRE ATT&CK.

This blog will explain how Falco’s Cloudtrail plugin rules can be aligned with MITRE ATT&CK Framework for Cloud. One important note is that the team at MITRE has developed several different matrices to address the unique risk associated with adversaries in the cloud, in containerized workloads as well as on mobile devices.

This is part 2 of the blog series on the MITRE ATT&CK framework for container security, where I explain and discuss the MITRE ATT&CK framework. For those who are not familiar with what the MITRE framework is, I encourage you to read part 1. In my previous blog post, I explained the first four stages of the MITRE ATT&CK framework and the tactics used by adversaries to gain a foothold in the network or the environment within a containerized application. What happens next?

With hundreds of contributors, the MITRE ATT&CK Framework has become a vital resource of open source knowledge for the security industry. CISOs and cybersecurity professionals around the globe rely on the framework to increase their understanding about different cyber-attack tactics, techniques and procedures (TTPs). With insights about TTPs relevant to their specific platform or environment, organizations gain tremendous value to combat cyber threats.