Investors
Spirent Logo
Cybersecurity

Enterprise Cybersecurity Threat Intelligence with MITRE ATT&CK™ and NetSecOPEN Frameworks

By:

Blog - Enterprise Cybersecurity Threat Intelligence with MITRE ATT&CK™ and NetSecOPEN Frameworks

Proactive cybersecurity assessment may be the best defense against ever-growing cyber threats. One of the areas that has had a significant impact on an organization’s ability to improve overall cybersecurity is tapping into emerging cyber threat intelligence information. The topic of threat intelligence is not new, but there are recent promising technology trends to solve the many challenges in that area. Gartner defines Threat Intelligence as "Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard"1. The ultimate cyber threat intelligence information would not only give enterprises the ability to proactively identify vulnerabilities in the network, but would also offer actions to prevent or hinder the attacks. There are a number of industry projects and initiatives that take a foundational approach rather than narrowly focusing on certain tools, class of vulnerabilities, or just adversarial (red team) vs. just detection (blue team) type of approaches.

Two recent influential initiatives in this arena include the MITRE ATT&CK and NetSecOPEN frameworks.

2

MITRE ATT&CK™ (Adversarial Tactics, Techniques & Common Knowledge) is mainly a knowledge base of adversary behavior intended to help those organizations that want to move towards a threat-informed defense. The solution addresses four key use cases: threat intelligence, detection and analytics, adversary emulation as well as assessment and engineering. MITRE released ATT&CK to the public in May of 2015 and has expanded quite significantly over the past five years. It is now in use by many different government organizations and industry sectors. ATT&CK is open and available to any person or organization at no charge, providing shared understanding of adversary tactics, techniques and procedures. It delivers insight on how to detect, prevent and mitigate attacks, as well as associated groups of malicious actors. MITRE organizes vulnerabilities using these categories:

  • Tactics: the “why” and describe goal of the attacker

  • Techniques: the “how” and describe actions taken by adversary to achieve tactical objectives

  • Mitigations: methods of addressing specific technique

  • Groups: Cluster of adversary activity and tracked by a common name in the security community.

NetSecOPEN’s intent is to have open standards for validating security products. Its open and standardized testing would reduce time in validation cycles and increase confidence in going from lab to production environment. NetSecOPEN is membership driven and would provide guidelines and best practices for validating modern network infrastructure solutions.

Approaches taken by MITRE and NetSecOPEN are important components of the toolbox for today’s security specialists. They would probably, however, need to be complemented with other solutions that are part of enterprise cyber security. In order to take the benefits of frameworks such as MITRE ATT&CK™ and NetSecOPEN to the next level, it is vital to have both solutions with linkages, as well as other elements of the enterprise network security offerings (e.g. network security, security information and event management, incident management, … platforms).

CyberFlood Data Breach Assessment Frameworks

CyberFlood Data Breach Assessment is an emulation-based solution that proactively provides in-depth, continuous and automated assessment of an enterprise’s security posture. Its latest offering includes industry frameworks such as NetSecOPEN and MITRE ATT&CK™ that are integrated with CyberFlood inherent capabilities, such as threat intelligence from Spirent Testcloud, assessment validation and reporting, as well as integration with industry leading Firewall, SIEM and ITSM solutions.

3

Using CF Data Breach Assessment frameworks as the basis of security assessment and reporting brings real-world observations and standards to validation of your real network.

Please visit us to learn more about how Spirent CyberFlood Data Breach Assessment can help in validating enterprise network infrastructure security postures or stop by our booth at RSA 2020 (N-5579) in San Francisco to see CF Data Breach Assessment industry frameworks in action.

Have a question for spirent ?
Get in touch with an expert
Tags: Security
Reza Saadat
Reza Saadat

senior technical marketing engineer, application and security group

Reza Saadat is a Senior Technical Marketing Engineer at Spirent in the Applications and Security group, with over 25 years of experience in computers and data communication technologies. At Spirent, Reza works with the Product Management, Engineering and Sales teams to bring to market new, cutting-edge applications and security testing solutions for network equipment manufacturers, enterprises, and service providers. His in-depth industry, market and software development knowledge as well as collaborative design and development skills have resulted in the creation of numerous  hardware and software solutions, which have been successfully released at companies such as IBM Corp, Cisco Systems and many more.