Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



Threat hunting 101: Leveraging MITRE ATT&CK framework for extended threat detection

Threat detection and mitigation is one of the core responsibilities of a SOC. With cyberattacks becoming more sophisticated, it has become arduous for security analysts to secure their network from threats. Hybrid work and BYOD policies are making it more difficult for SOCs to keep track of network activities. Attackers continue to improvise new tactics and techniques to compromise an organization’s network.

Mapping the MITRE ATT&CK Framework to API Security

APIs have emerged as the leading attack vector and attack surface most targeted by cybercriminals. That's why it's important to understand the tactics and techniques used by attackers while they're targeting APIs. In this video, we help you achieve this level of understanding by mapping the MITRE ATT&CK framework to API security attacks.

Cyber Risk Quantification based on the MITRE ATT&CK Framework

As the frequency and complexity of cybersecurity threats continue to grow, it is becoming increasingly important for organizations to adopt advanced tools and techniques to protect themselves. One way to do this is by utilizing the MITRE attack framework (ATT&CK), a comprehensive taxonomy of common tactics, techniques, and procedures (TTPs) cyber attackers use to compromise information systems and steal data.

Automating Security and Defensive Framework to MITRE Standards

Learn how to standardize your team's response and implement it consistently through new approaches and updated tools. Enterprise Strategy Group and Torq experts look at how security automation platforms can put world-class security strategies within reach of any team, regardless of size or maturity level.

MITRE ATT&CK and D3FEND for Cloud and Containers

MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. If you are new to the MITRE ATT&CK framework and would like to brush up on some of the concepts first, we created a Learn Cloud Native article to help you on your journey. If you want to go further, here’s how Falco’s Cloudtrail rules align with MITRE ATT&CK.

Mapping the MITRE ATT&CK Framework to API Security

API attacks include many of the tactics, techniques, and procedures (TTPs) identified in the MITRE ATT&CK framework. This white paper analyzes and maps three common API attack scenarios to the TTPs found in the MITRE Enterprise Matrix. By understanding how the MITRE ATT&CK TTPs relate to API security threats, security leaders can: Download now to learn how to defend against API attacks by leveraging this well-known security framework.

Aligning Falco's Cloudtrail Rules with MITRE ATT&CK

This blog will explain how Falco’s Cloudtrail plugin rules can be aligned with MITRE ATT&CK Framework for Cloud. One important note is that the team at MITRE has developed several different matrices to address the unique risk associated with adversaries in the cloud, in containerized workloads as well as on mobile devices.

salt security

Mapping the MITRE ATT&CK Framework to API Security

With hundreds of contributors, the MITRE ATT&CK Framework has become a vital resource of open source knowledge for the security industry. CISOs and cybersecurity professionals around the globe rely on the framework to increase their understanding about different cyber-attack tactics, techniques and procedures (TTPs). With insights about TTPs relevant to their specific platform or environment, organizations gain tremendous value to combat cyber threats.


The MITRE ATT&CK framework explained: Discerning a threat actor's mindset

This is part 2 of the blog series on the MITRE ATT&CK framework for container security, where I explain and discuss the MITRE ATT&CK framework. For those who are not familiar with what the MITRE framework is, I encourage you to read part 1. In my previous blog post, I explained the first four stages of the MITRE ATT&CK framework and the tactics used by adversaries to gain a foothold in the network or the environment within a containerized application. What happens next?