Active Directory (AD) handles sensitive organization data like user credentials, personal information of employees, security permissions, and more. Because of this, AD is prone to being targeted by cyber attackers. Malicious actors are constantly coming up with new attack strategies, making it a challenge for organizations to secure their AD environment. This is why it’s essential that every organization formulates a cyber defense strategy to combat cyber threats and protect their AD.

As innovations in the world of application development and data computation grow every year, the “attack surface” of these technologies grows as well. The attack surface has to be understood from two sides—from the attacker’s side and from the organization being attacked.

As organizations continue to move their business operations into the cloud, the expanded attack surface generated by the “digital transformation” continues to present new opportunities for threat actors. Luckily, strategies to mitigate these new risks do exist and, as always, these center around the techniques and tactics of the adversaries.

MITRE is a world-renowned research organization that aims to help build a safer world. It is probably best known in the information security industry for being the organization behind the industry-standard CVE (Common Vulnerabilities and Exposures) list. Each entry on the list is supposed to include an explanation of how the vulnerability could be exploited. These attack vectors are tracked and defined in another well-known knowledge base called ATT&CK, which is also maintained by MITRE.

CrowdStrike is now a Research Partner with the MITRE Engenuity Center for Threat-Informed Defense, joining a select list of cybersecurity companies and research foundations to take a hands-on approach to transforming state-of-the-art, threat-informed defense against sophisticated adversaries into a state of practice for organizations. Building on its previous role as Research Sponsor, CrowdStrike is reaffirming its commitment to fostering an open and collaborative security ecosystem.

With a threat landscape expanding at an accelerated pace, it is next to impossible for any organization to even keep track of and monitor the volume, frequency, complexity, and breadth of the attack techniques and tactics out there. But to effectively tackle threats and protect mission-critical assets, the knowledge of these common attack techniques, tactics, detection, and mitigation is critical. This is where MITRE ATT&CK is especially useful.

In the recent ​​MITRE Engenuity ATT&CK Enterprise Evaluation, CrowdStrike demonstrated the power of its unified platform approach to stopping breaches. Facing attack emulations from the highly sophisticated WIZARD SPIDER and VOODOO BEAR (Sandworm Team) adversaries, the CrowdStrike Falcon® platform: The results show that CrowdStrike stands alone in providing a unified approach to stopping adversaries from progressing attacks.

In the recent MITRE Engenuity ATT&CK Enterprise Evaluation — which emulated today’s two most sophisticated Russian-based adversaries, WIZARD SPIDER and VOODOO BEAR (Sandworm Team) — CrowdStrike Falcon achieved 100% automated prevention across all of the evaluation steps.

Hey There, Recently we ran a webinar ( English | German | French) in which we showed how Security Operations Teams can plan based on the MITRE ATT&CK Navigator, a threat-centric defense strategy. We also demonstrated how to operationalize it with content from the Splunk Security Essentials app via Splunk Enterprise Security. We received so many questions from attendees during the session that we weren’t able answer them all.