ThreatQuotient™,
a leading security operations platform innovator, today announced that
the ThreatQ™ integration
with MITRE ATT&CK™ now includes support for PRE-ATT&CK
and Mobile. Together with Enterprise ATT&CK, the three-pronged
framework creates an end-to-end attack chain that examines and assesses
an adversaries’ actions. Since first integrating with MITRE ATT&CK in
early 2018, ThreatQuotient has helped customers integrate the framework
in their workflows to achieve a holistic view of their organization’s
specific attack vectors and what needs to be done to effectively defend
against adversaries.
Attacks are happening with increasing velocity, and the average cost of
a data breach has risen to $3.86 million, according to the 2018 Cost
of a Data Breach Study by Ponemon. As more organizations begin to
accept the likelihood that they will be breached, the security industry
is placing greater emphasis on technologies, tools and processes to
accelerate detection and response. However, this is not always done with
collaboration in mind. When combined, the ThreatQ platform and
MITRE ATT&CK framework enables expansive and shared understanding across
teams and technologies, allowing faster response when an event occurs.
“Every organization can derive value from the MITRE ATT&CK framework to
measure, improve and extend the capabilities of their security
operations. To yield the greatest success, security teams should use the
framework to have a complete understanding of what they are trying to
protect against,” says Ryan Trost, CTO & Co-founder at ThreatQuotient.
“Whether mapping the attack tactics or techniques against your defenses
to more accurately assess your risk posture; connecting active
adversaries to their own respective TTPs to ensure internal battle cards
are accurate and distributed; or simply gauging your organization’s
higher probability threat risk areas and providing your red team better
‘real world’ objectives ThreatQ’s integration of the ATT&CK framework
provides teams an out-of-the-box capability. As an organization’s
capacity to use ATT&CK data evolves, the ability to dig deeper into the
framework will allow a company to gain even greater value…but at their
own pace. This is great for the industry and will hopefully play a
cornerstone role as organizations defend themselves against attacks.”
“The MITRE ATT&CK knowledge base provides a common language for the
cybersecurity community to use when describing adversary behaviors,”
said Katie Nickels, MITRE ATT&CK Threat Intelligence Lead. “We continue
to be inspired by the ways the entire community is using ATT&CK to
improve their defenses.”
ThreatQuotient has long believed that the ability to accelerate security
operations starts with having a thorough and proactive understanding of
the actors, campaigns and TTPs targeting an organization. There are
three main ways an organization can use the integration of ThreatQ and
MITRE ATT&CK to their advantage:
-
Reference and Data Enrichment
Aggregate data from the
framework into ThreatQ and search for adversary profiles to answer
questions like: Who is this adversary? What techniques and tactics are
they using? What mitigations can I apply? Security analysts can use
the data from the framework as a detailed source of reference to
manually enrich their analysis of events and alerts, inform their
investigations and determine the best actions to take depending on
relevance and sightings within their environment. -
Indicator or Event-Driven Response
Use ThreatQ to
correlate data from the ATT&CK framework with incidents and associated
indicators from inside the organization’s environment. Security
analysts can then automatically prioritize based on relevance to their
organization and determine high-risk indicators of compromise (IOCs)
to investigate. With the ability to use ATT&CK data in a more simple
and automated manner, security teams can investigate and respond to
incidents and execute appropriate courses of action for more effective
detection and more efficient threat hunting. -
Proactive Tactic or Technique-Driven Threat Hunting
Pivot
from searching for indicators to taking advantage of the full breadth
of ATT&CK data. Threat hunting teams can take a proactive approach,
beginning with the organization’s risk profile, mapping those risks to
specific adversaries and their tactics, drilling down to techniques
those adversaries are using and then investigating if related data
have been identified in the environment. For example, they may be
concerned with APT28 and can quickly answer questions including: What
techniques do they apply? Have I seen potential IOCs or possible
related system events in my organization? Are my endpoint technologies
detecting those techniques?
ThreatQuotient’s Neal Humphrey, Threat Intelligence Engineer Director,
North America, will host a webinar on May 22, 2019 at 2:00pmET to
discuss best practices for applying the MITRE ATT&CK framework
effectively and making it actionable. Registration and more information
about the webinar, Combating Trisis with MITRE ATT&CK Framework,
can be found here.
About ThreatQuotient
ThreatQuotient’s mission is to improve the efficiency and effectiveness
of security operations through a threat-centric platform. By integrating
an organization’s existing processes and technologies into a single
security architecture, ThreatQuotient accelerates and simplifies
investigations and collaboration within and across teams and tools,
supporting multiple uses cases including incident response, threat
hunting, and serving as a threat
intelligence platform. Through automation, prioritization and
visualization, ThreatQuotient’s solutions reduce noise and highlight top
priority threats to provide greater focus and decision support for
limited resources. ThreatQuotient is headquartered in Northern Virginia
with international operations based out of Europe and APAC. For more
information, visit https://threatquotient.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20190520005032/en/