Creating a Common Language
The MITRE ATT&CK framework is a globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations. MITRE launched their ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to help the cybersecurity industry speak a common language.
The MITRE ATT&CK product evaluations are focused on empowering end-users with insights on how to operationalize those products against known adversary attacks. It provides independent transparency on the capabilities of security products and motivates product vendors to enhance their capabilities against adversary behaviors.
Many practitioners within the cybersecurity industry advocate for a common language to describe cyber threats. The language used to describe these threats significantly shapes the way we think and determines how to approach a holistic defense. In recent years, the MITRE ATT&CK framework has increasingly become that common language and is helping push the security vendor community to enhance our abilities to detect known adversary behaviors. Security teams can leverage the MITRE ATT&CK model to think about key visibility points within their environment, as well as overall detection coverage and strategies.
Find out how our cloud-native SaaS application, Red Cloak™ Threat Detection and Response (TDR), performed during the MITRE ATT&CK Endpoint Protection Product Evaluation.
View our on-demand webcast to better understand the MITRE ATT&CK Framework and evaluations, including our perspective and results as a recent participant.
As a participant in the MITRE ATT&CK APT-29 evaluation, Secureworks has learned not only how to speak this language, but also how to enable a more relatable customer experience. Our Red Cloak™ TDR software maps alerts to the MITRE ATT&CK framework after it applies machine and deep learning to one of the industry’s richest threat data sets. This includes telemetry from 1,000+ incident response engagements each year and threat intelligence sourced from more than 4,000 customers. The Red Cloak dashboard (see screenshots) has alert visualizations built to improve the experience of our security analyst users. While the MITRE ATT&CK evaluations mainly focus on endpoint product vendors, Red Cloak TDR integrates data from a wide variety of sensors and visibility providers, including endpoint agents, network sensors, firewalls, proxies, public cloud provider APIs, and more.
Secureworks is an industry leader in delivering software-driven services. Watch this 2.5-minute video to learn why MDR powered by Red Cloak helps you scale your security team’s bandwidth.