White Paper: How MITRE ATT&CK Can Help Agencies Develop More Effective Cyber Security Strategies

by Peter Jacobs
October 3, 2019
in Cybersecurity

In cybersecurity, a key part of defense is understanding the nature of the attacks. But without a common way of describing the methods and techniques that threat actors use in the real world, it’s difficult to develop effective strategies to protect systems and data. In a recent white paper, the experts at cybersecurity solutions firm Blackberry Cylance looked at a framework for doing just that: ATT&CK, a comprehensive knowledge base from MITRE. Essentially, this globally accessible repository captures the tactics, techniques and procedures (TTPs) of advanced persistent threats (APTs) to support the development of new defense capabilities. But while ATT&CK can be a useful foundation for creating security models and methods, it’s important to understand what it isn’t.


ATT&CK, an acronym for Adversarial Tactics, Techniques, and Common Knowledge, breaks out details of 11 tactics and hundreds of related techniques used by threat actors. The framework links to real-world reporting on the issues and exploits that have been used against enterprises. In addition, it includes sections on Detection and Mitigation that provide guidance on what to monitor in the computing environment and how.

For federal security teams, especially in defense environments, this repository is more than a reference site; it’s a platform for creating plans and methodologies to combat cyber threats. Blackberry Cylance points out five key areas that the ATT&CK framework can support:

  1. Threat Modeling and Controls Gap Identification – to identify where the greatest risks can be found within the enterprise.
  2. As a Common Language / Reference for Meaningful Conversations – to get everyone on the same page when setting security goals for the organization.
  3. As a Frame of Reference During Incident Response – to keep response teams focused on the issue at hand until the incident is resolved, rather than on who may be behind the attack.
  4. As a Framework To Reference During APT-Replay Red Teaming Exercises – to add realism to the exercise, keeping in mind that attack groups modify and improve their techniques over time; the next attack may look very different from the current one.
  5. As a Bridge Between Red and Blue During Purple Team Exercises – to ensure that the lessons learned by the red team are translated into action by the blue team, by providing specifics about how defenses were breached (as opposed to simply identifying the point where the attack made its way into the network).
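
As an added illustration of the first and fourth items above (example code, not from the white paper or from MITRE), the following Python maps a control inventory onto a catalog of techniques and reports, per tactic, which techniques have neither detection nor mitigation, plus which techniques in an adversary replay profile would produce no alert. The technique IDs and tactic names follow the public ATT&CK scheme, but the catalog subset, the control inventory and the replay profile are constructed assumptions.

```python
from collections import defaultdict

# Constructed subset of an ATT&CK-style matrix: technique ID -> (name, tactics).
# IDs and tactic names follow the public ATT&CK convention; the selection is illustrative.
CATALOG = {
    "T1566": ("Phishing", {"Initial Access"}),
    "T1195": ("Supply Chain Compromise", {"Initial Access"}),
    "T1078": ("Valid Accounts", {"Initial Access", "Persistence"}),
    "T1059": ("Command and Scripting Interpreter", {"Execution"}),
    "T1003": ("OS Credential Dumping", {"Credential Access"}),
    "T1021": ("Remote Services", {"Lateral Movement"}),
    "T1041": ("Exfiltration Over C2 Channel", {"Exfiltration"}),
}

# Constructed control inventory. Detection and mitigation are tracked separately
# because ATT&CK documents them as separate sections of each technique.
CONTROLS = [
    {"name": "Mail gateway attachment sandbox", "detects": {"T1566"}, "mitigates": set()},
    {"name": "EDR script-block logging", "detects": {"T1059"}, "mitigates": set()},
    {"name": "LSASS access alerting", "detects": {"T1003"}, "mitigates": set()},
    {"name": "MFA on remote logins", "detects": set(), "mitigates": {"T1078", "T1021"}},
]

def coverage(catalog, controls):
    """Return {technique_id: {"detected": bool, "mitigated": bool}}."""
    detected = set().union(*(c["detects"] for c in controls))
    mitigated = set().union(*(c["mitigates"] for c in controls))
    return {tid: {"detected": tid in detected, "mitigated": tid in mitigated}
            for tid in catalog}

def gaps_by_tactic(catalog, controls):
    """Techniques with neither detection nor mitigation, grouped under every
    tactic they serve, so the gap list reads the way the matrix is laid out."""
    cov = coverage(catalog, controls)
    gaps = defaultdict(list)
    for tid, (_, tactics) in catalog.items():
        if not (cov[tid]["detected"] or cov[tid]["mitigated"]):
            for tactic in tactics:
                gaps[tactic].append(tid)
    return {t: sorted(ids) for t, ids in sorted(gaps.items())}

def unmonitored_in_profile(catalog, controls, profile):
    """For an APT-replay exercise: techniques in the adversary's profile that no
    control detects. A mitigation alone is still a visibility gap, because a
    bypass of it would produce no alert."""
    cov = coverage(catalog, controls)
    return sorted(t for t in profile if t in catalog and not cov[t]["detected"])

if __name__ == "__main__":
    print(gaps_by_tactic(CATALOG, CONTROLS))
    print(unmonitored_in_profile(CATALOG, CONTROLS, {"T1566", "T1078", "T1021", "T1041"}))
```

The two outputs are the inputs a purple team would carry into the debrief: gaps in the matrix itself, and gaps along the specific path the replayed adversary is known to take.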

While this centralized, common reference tool can speed up or amplify security capabilities by making crucial information easier to find, there are limitations. For one, ATT&CK can’t predict what form future threats may take; it is a repository of information about past attacks. Also, the information it contains isn’t meant to be a security strategy in and of itself—it’s meant to inform the decision-making of a CISO or SecDevOps leader, helping them develop the appropriate measures for their agency or organization. The context needs to come from those security teams’ own experience and tolerance for risk.

As the Blackberry Cylance white paper points out, before ATT&CK existed, there was no single catalog of both the obvious and nuanced differences between attacker TTPs. One real benefit has been shifting the focus from static signatures “towards a different type of detection: the behavior of a known adversary.”

What ATT&CK can do is provide clear, coherent facts about how adversaries interact with systems and data, and what approaches others have used to deal with those assaults. So, whether it’s spearphishing, supply-chain compromise or insider threat, those charged with securing the enterprise have a starting point that can help them move faster and more precisely to prevent and respond to cyberattacks.

Tags: APTs, ATT&CK, cyber attacks, cybersecurity, MITRE, TTPs
