See How Secureworks® Covers MITRE ATT&CK® Framework TTPs
New Taegis™ XDR Adversary Software Coverage (ASC) Tool
By: Michael Rosen, Director of Technical Marketing
- Taegis XDR Adversary Software Coverage tool shows granular detection visibility against real threats as mapped by the MITRE ATT&CK framework.
- MITRE ATT&CK is the common language adopted by the InfoSec community across security tools.
- Taegis XDR covers more than 90% of TTPs across all categories of the MITRE framework.
- Taegis XDR provides deep actionable insights into breaches and streamlines incident response.
Secureworks makes transparent MITRE coverage accessible to everyone
How good is Taegis XDR at detecting attacker tactics, techniques and procedures (TTPs)? You can now see for yourself using our brand new Taegis XDR Adversary Software Coverage (ASC) Tool. The ASC tool maps over 500 unique adversarial software types against the MITRE ATT&CK framework, including ATT&CK v9 which debuted on April 29, 2021. Our ASC tool is open to the public, fully interactive for the user, and deeply granular in its coverage mappings of the actual techniques and sub-techniques utilized by the adversaries. This sets it apart from similar tools other security companies have developed to show MITRE visibility.
Why MITRE Matters
The non-profit MITRE Corporation has successfully established its ATT&CK Matrix for Enterprise as the common language spoken throughout the InfoSec community. This wide adoption of a single standard is clear in security tools across the spectrum of capabilities and markets—from endpoint, to network, to cloud, to mobile—and in nearly every security product niche. This is why an increasing number of buyers turn to MITRE ATT&CK when assessing vendors, and why we wanted to create an intuitive, self-service tool which allows you to explore how Taegis XDR maps to the universal framework.
Taegis XDR covers 98% of adversarial TTPs used by Cobalt Strike, including 50 of 51 techniques and 8,860 total countermeasures.
What MITRE alignment says about Taegis XDR
Taegis XDR maps defenses and countermeasures against more than 90% of all adversarial TTPs used by the malicious software tracked by MITRE, across all framework categories. We built Taegis XDR and Taegis ManagedXDR to detect the threats that evade the layers of your defensive security stack, especially preventative layers like the Next-Generation Firewall or the Endpoint Protection Platform. Taegis XDR extends from endpoint to network to cloud, with sensors deployed at strategic locations across the enterprise to deliver maximum visibility. As a multi-vector detection technology, XDR sees these attacks from a comprehensive vantage point by combining the visibility from various single-purpose tools together to increase total MITRE coverage. One hundred percent coverage against all attacks is unachievable for a single tool as things stand today, which is why we recommend targeted inclusion of a few additional tools to bring most enterprises close to full coverage.
How to use MITRE ATT&CK when considering security vendors
The point of highlighting MITRE is to show how a tool can positively impact your detection capabilities. As Forrester VP and Principal Analyst Jeff Pollard presciently contends, this shouldn’t be about vendor chest-beating. At Secureworks, we’re not focused on “winning” MITRE evaluations. Our ethos is to use MITRE as a way of demonstrating how we can help you improve visibility, and to help inform your buying decision. As a general rule, this is best practice for using the MITRE matrix. When vendors use it to show visibility for customers, it helps those customers make informed decisions regarding the tools in their security stack and offers a way to source the fewest tools needed for the greatest amount of attack surface coverage. MITRE helps you avoid coverage overlap and gaps in your stack. This way you’re not paying for duplicate coverage, nor do you have holes in your defenses. MITRE alignment is an effective way to help you find this balance.
No single tool or vendor can do it all
A good rule of thumb is to be wary of any vendor who claims 100% MITRE ATT&CK coverage, or even 100% across a single category of attacks (ransomware, trojans, botnets, etc.), because adversarial tactics, techniques and procedures are constantly evolving, and the list of software used by the adversary continues to grow. When you’re in the middle of the vendor selection process, ask them about their capabilities and limitations, plus which products complement their strengths and fill key visibility gaps, to get as close as possible to comprehensive attack surface coverage. You can use the MITRE common framework to become an informed consumer. Just make sure the vendors you’re considering can substantiate their claims at a granular level like we show in the Taegis XDR ASC tool.
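The overlap-and-gap analysis described above (per-vendor coverage, union coverage of a candidate stack, techniques covered twice, techniques covered by nobody, and the fewest tools that reach the best achievable coverage) is easy to compute once every vendor's claims are expressed as ATT&CK technique IDs. The script below is an added illustration, not code from Secureworks or the ASC tool. The technique IDs are real ATT&CK identifiers, but the "required" list and the three vendor mappings are constructed sample data with hypothetical vendor names; substitute the mappings a vendor substantiates for you.

```python
"""Coverage overlap and gap analysis over MITRE ATT&CK technique IDs.

Added example, not Secureworks or ASC tool code. Vendor names and their
claimed mappings are constructed for illustration only.
"""
from itertools import combinations

# Constructed: techniques the buyer has decided matter for their environment.
REQUIRED = {
    "T1059": "Command and Scripting Interpreter",
    "T1566": "Phishing",
    "T1003": "OS Credential Dumping",
    "T1055": "Process Injection",
    "T1021": "Remote Services",
    "T1486": "Data Encrypted for Impact",
    "T1071": "Application Layer Protocol",
    "T1027": "Obfuscated Files or Information",
}

# Constructed: what three hypothetical vendors claim to detect.
VENDORS = {
    "VendorA-EDR": {"T1059", "T1003", "T1055", "T1027"},
    "VendorB-NDR": {"T1071", "T1021", "T1566"},
    "VendorC-Email": {"T1566", "T1027"},
}


def coverage_pct(techniques, required):
    """Percent of the required techniques a single vendor covers."""
    return round(100.0 * len(set(techniques) & required) / len(required), 1)


def union_coverage(selected, vendors):
    """Techniques covered by at least one vendor in the selected stack."""
    covered = set()
    for name in selected:
        covered |= vendors[name]
    return covered


def gaps(selected, vendors, required):
    """Required techniques no selected vendor covers (sorted for stable output)."""
    return sorted(required - union_coverage(selected, vendors))


def overlaps(selected, vendors):
    """Techniques covered by more than one selected vendor: the paid-for duplicates."""
    seen = {}
    for name in selected:
        for tech in vendors[name]:
            seen.setdefault(tech, []).append(name)
    return {tech: names for tech, names in seen.items() if len(names) > 1}


def smallest_stack(vendors, required):
    """Fewest vendors whose union reaches the best coverage any combination can.

    Exhaustive over combinations, which is fine for the handful of vendors
    in a real shortlist; returns a tuple of vendor names.
    """
    names = sorted(vendors)
    best = len(union_coverage(names, vendors) & required)
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            if len(union_coverage(combo, vendors) & required) == best:
                return combo
    return tuple(names)


def report(vendors=VENDORS, required_map=REQUIRED):
    required = set(required_map)
    for name, techs in vendors.items():
        print(f"{name}: {coverage_pct(techs, required)}% of required techniques")
    stack = smallest_stack(vendors, required)
    print("Smallest stack with best coverage:", ", ".join(stack))
    for tech in gaps(stack, vendors, required):
        print(f"  GAP   {tech} {required_map[tech]}")
    for tech, names in sorted(overlaps(vendors.keys(), vendors).items()):
        print(f"  DUPE  {tech} covered by {', '.join(names)}")


if __name__ == "__main__":
    report()
```

With the constructed data, the two-vendor stack already reaches the best coverage any combination of the three offers; the email product only duplicates techniques the other two cover, and one required technique (T1486) is a gap no candidate fills, which is exactly the question to put back to the vendors.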
Now dive in and see for yourself
We’re proud of how much coverage Taegis XDR offers our customers – but of course, we don’t expect you to simply take our word for it. Take a test run of our Taegis XDR Adversary Software Coverage (ASC) tool and experience it yourself. You’ll see what Taegis XDR sees, right down to the technique and sub-technique used by the adversary, across a library of hundreds of real-world malicious software tools. Happy hunting!